Unquoted Service Path Vulnerability in Asus Armoury Crate
CVE-2023-26911

7.8HIGH

Key Information:

Vendor: Asus
Status: Armoury Crate; Setupasusservices
Vendor: CVE Published:; 26 July 2023

Summary

ASUS Armoury Crate versions include an unquoted service path vulnerability in SetupAsusServices that enables local users to execute processes with elevated privileges. This configuration flaw can be exploited to gain unauthorized control over the affected system, presenting a significant risk to data integrity and security. It is essential for users to implement the latest updates and monitor for unauthorized changes to service configurations.

References

http://asus.com

http://setupasusservices.com

https://irradiate.com.au/blog/CVE-2023-26911

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Jul 26, 2023
Vulnerability Reserved
Feb 27, 2023