Privilege escalation in Asus Aura Sync
| Risk | Medium |
| Patch available | NO |
| Number of vulnerabilities | 3 |
| CVE-ID | CVE-2018-18537 CVE-2018-18536 CVE-2018-18535 |
| CWE-ID | CWE-782 |
| Exploitation vector | Local |
| Public exploit |
Public exploit code for vulnerability #1 is available. Public exploit code for vulnerability #2 is available. Public exploit code for vulnerability #3 is available. |
| Vulnerable software Subscribe |
Aura Sync Client/Desktop applications / Other client software |
| Vendor | Asus |
Security Bulletin
This security bulletin contains information about 3 vulnerabilities.
1) Privilege escalation
EUVDB-ID: #VU16618
Risk: Low
CVSSv3.1: 7.9 [CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:U/RC:C]
CVE-ID: CVE-2018-18537
CWE-ID:
CWE-782 - Exposed IOCTL with Insufficient Access Control
Exploit availability: No
Description
The vulnerability allows a local unauthenticated attacker to gain elevated privileges on the target device.
The weakness exists due to a path in the processing of IOCTL_GLCKIO_READPORT (0x80102050) on GLCKIo. A local attacker can write arbitrary DWORD to an arbitrary address and gain elevated privileges.
MitigationCybersecurity Help is currently unaware of any solutions addressing the vulnerability.
Vulnerable software versionsAura Sync: 1.06.95 - 1.07.22
External linkshttp:Cybersecurity Help is currently unaware of any official solution addressing the vulnerability.
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.
2) Privilege escalation
EUVDB-ID: #VU16619
Risk: Medium
CVSSv3.1: 8.8 [CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:P/RL:U/RC:C]
CVE-ID: CVE-2018-18536
CWE-ID:
CWE-782 - Exposed IOCTL with Insufficient Access Control
Exploit availability: No
Description
The vulnerability allows a local unauthenticated attacker to gain elevated privileges on the target device.
The weakness exists due to both GLCKIo and Asusgio expose a functionality to read/write data from/to IO ports. A local attacker can execute arbitrary code with elevated privileges.
MitigationCybersecurity Help is currently unaware of any official solution addressing the vulnerability.
Vulnerable software versionsAura Sync: 1.06.95 - 1.07.22
External linkshttp://www.secureauth.com/labs/advisories/asus-drivers-elevation-privilege-vulnerabilities
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.
3) Privilege escalation
EUVDB-ID: #VU16620
Risk: Medium
CVSSv3.1: 8.8 [CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:P/RL:U/RC:C]
CVE-ID: CVE-2018-18535
CWE-ID:
CWE-782 - Exposed IOCTL with Insufficient Access Control
Exploit availability: No
Description
The vulnerability allows a local unauthenticated attacker to gain elevated privileges on the target device.
The weakness exists due to Asusgio exposes a functionality to read and write Machine Specific Registers (MSRs). A local attacker can execute arbitrary ring-0 code with elevated privileges.
MitigationCybersecurity Help is currently unaware of any official solution addressing the vulnerability.
Vulnerable software versionsAura Sync: 1.06.95 - 1.07.22
External linkshttp://www.secureauth.com/labs/advisories/asus-drivers-elevation-privilege-vulnerabilities
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.
