Privilege Escalation Vulnerability in ASUS Aura Sync Driver
CVE-2018-18535

7.8HIGH

Key Information:

Vendor

Asus
Status
Aura Sync Firmware
Vendor
CVE Published:
26 December 2018

What is CVE-2018-18535?

The ASUS Aura Sync low-level driver prior to version 1.07.22 has a serious vulnerability that allows unauthorized functionality to read and write Machine Specific Registers (MSRs). This exposure could be exploited by attackers to execute arbitrary ring-0 code, posing significant risks to system security. Affected users are encouraged to update to the latest version to mitigate potential exploits.

References

http://www.securityfocus.com/bid/106250
vdb-entryx_refsource_BID
http://packetstormsecurity.com/files/150893/ASUS-Driver-P...
x_refsource_MISC
https://www.secureauth.com/labs/advisories/asus-drivers-e...
x_refsource_MISC

CVSS V3.1

Score:
7.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.
CVE-2018-18535 : Privilege Escalation Vulnerability in ASUS Aura Sync Driver