CVE-2023-26911

7.8HIGH

Key Information

Vendor
Asus
Status
Armoury Crate
Setupasusservices
Vendor
CVE Published:
26 July 2023

Summary

ASUS SetupAsusServices v1.0.5.1 in Asus Armoury Crate v5.3.4.0 contains an unquoted service path vulnerability which allows local users to launch processes with elevated privileges.

References

http://asus.com
http://setupasusservices.com
https://irradiate.com.au/blog/CVE-2023-26911

CVSS V3.1

Score:
7.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Collectors

NVD DatabaseMitre Database
.