Privilege Escalation Vulnerability in ASUS EC Tool Driver
CVE-2022-42455

7.8HIGH

Key Information:

Vendor: Asus
Status: Armoury Crate
Vendor: CVE Published:; 15 February 2023

What is CVE-2022-42455?

The ASUS EC Tool driver, specifically version 1beb15c90dcf7a5234ed077833a0a3e900969b60be1d04fcebce0a9f8994bdbb, features multiple IOCTL handlers that enable local users to execute unprivileged IOCTL calls providing raw access to port I/O and model-specific registers (MSRs). This vulnerability allows local users to escalate their privileges, potentially compromising system security.

References

https://github.com/mandiant/Vulnerability-Disclosures/blo...

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Feb 15, 2023
Vulnerability Reserved
Oct 6, 2022

Asus

What is CVE-2022-42455?

References

CVSS V3.1

Timeline