Privilege Escalation in ASUS Aura Sync Drivers
CVE-2018-18536

7.8HIGH

Key Information:

Vendor
Asus
Status
Aura Sync Firmware
Vendor
CVE Published:
26 December 2018

Summary

The low-level drivers GLCKIo and Asusgio in ASUS Aura Sync versions up to 1.07.22 expose critical functionality that allows reading and writing data to IO ports. Attackers can exploit this flaw to gain elevated privileges, potentially enabling them to execute arbitrary code on a compromised system. This vulnerability poses significant risks, as it can be used in various attack vectors to manipulate system behavior and gain unauthorized access.

References

http://www.securityfocus.com/bid/106250
vdb-entryx_refsource_BID
http://packetstormsecurity.com/files/150893/ASUS-Driver-P...
x_refsource_MISC
https://www.secureauth.com/labs/advisories/asus-drivers-e...
x_refsource_MISC

CVSS V3.1

Score:
7.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.