Privilege Escalation Vulnerability in ASUS Aura Sync Driver
CVE-2018-18537

5.5MEDIUM

Key Information:

Vendor

Asus
Status
Aura Sync Firmware
Vendor
CVE Published:
26 December 2018

What is CVE-2018-18537?

A vulnerability in the GLCKIo low-level driver of ASUS Aura Sync versions prior to v1.07.22 allows local attackers to exploit arbitrary write access. This could enable the modification of sensitive data or the execution of malicious code in the context of the affected system. The improper handling of input parameters provides a potential attack vector, which emphasizes the need for users to upgrade to the latest version of the driver to mitigate exploitation risks.

References

http://www.securityfocus.com/bid/106250
vdb-entryx_refsource_BID
http://packetstormsecurity.com/files/150893/ASUS-Driver-P...
x_refsource_MISC
https://www.secureauth.com/labs/advisories/asus-drivers-e...
x_refsource_MISC

CVSS V3.1

Score:
5.5
Severity:
MEDIUM
Confidentiality:
None
Integrity:
High
Availability:
None
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.
CVE-2018-18537 : Privilege Escalation Vulnerability in ASUS Aura Sync Driver