Privilege Escalation in ASUS ROG Armoury Crate Lite Software
CVE-2021-40981

7.3HIGH

Key Information:

Vendor: Asus
Status: Armoury Crate Lite Service
Vendor: CVE Published:; 27 September 2021

What is CVE-2021-40981?

The ASUS ROG Armoury Crate Lite software prior to version 4.2.10 is vulnerable to a privilege escalation flaw. Local users can exploit this vulnerability by placing a malicious file in the publicly writable %PROGRAMDATA%\ASUS\GamingCenterLib directory. This could allow malicious actors to gain elevated privileges, potentially compromising system integrity. Users are advised to update the software to safeguard against such attacks.

References

https://aptw.tf/2021/09/24/armoury-crate-privesc.html

x_refsource_MISC

CVSS V3.1

Score:

7.3

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Sep 27, 2021
Vulnerability Reserved
Sep 13, 2021

Asus

What is CVE-2021-40981?

References

CVSS V3.1

Timeline