Privilege escalation in Asus Aura Sync



Published: 2018-12-19
Risk Medium
Patch available NO
Number of vulnerabilities 3
CVE-ID CVE-2018-18537
CVE-2018-18536
CVE-2018-18535
CWE-ID CWE-782
Exploitation vector Local
Public exploit Public exploit code for vulnerability #1 is available.
Public exploit code for vulnerability #2 is available.
Public exploit code for vulnerability #3 is available.
Vulnerable software
Subscribe
Aura Sync
Client/Desktop applications / Other client software

Vendor Asus

Security Bulletin

This security bulletin contains information about 3 vulnerabilities.

1) Privilege escalation

EUVDB-ID: #VU16618

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2018-18537

CWE-ID: CWE-782 - Exposed IOCTL with Insufficient Access Control

Exploit availability: No

Description

The vulnerability allows a local unauthenticated attacker to gain elevated privileges on the target device.

The weakness exists due to a path in the processing of IOCTL_GLCKIO_READPORT (0x80102050) on GLCKIo. A local attacker can write arbitrary DWORD to an arbitrary address and gain elevated privileges.

Mitigation

Cybersecurity Help is currently unaware of any solutions addressing the vulnerability.

Vulnerable software versions

Aura Sync: 1.06.95 - 1.07.22


CPE2.3 External links

http:Cybersecurity Help is currently unaware of any official solution addressing the vulnerability.

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

2) Privilege escalation

EUVDB-ID: #VU16619

Risk: Medium

CVSSv3.1:

CVE-ID: CVE-2018-18536

CWE-ID: CWE-782 - Exposed IOCTL with Insufficient Access Control

Exploit availability: No

Description

The vulnerability allows a local unauthenticated attacker to gain elevated privileges on the target device.

The weakness exists due to both GLCKIo and Asusgio expose a functionality to read/write data from/to IO ports. A local attacker can execute arbitrary code with elevated privileges.

Mitigation

Cybersecurity Help is currently unaware of any official solution addressing the vulnerability.

Vulnerable software versions

Aura Sync: 1.06.95 - 1.07.22


CPE2.3 External links

http://www.secureauth.com/labs/advisories/asus-drivers-elevation-privilege-vulnerabilities

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

3) Privilege escalation

EUVDB-ID: #VU16620

Risk: Medium

CVSSv3.1:

CVE-ID: CVE-2018-18535

CWE-ID: CWE-782 - Exposed IOCTL with Insufficient Access Control

Exploit availability: No

Description

The vulnerability allows a local unauthenticated attacker to gain elevated privileges on the target device.

The weakness exists due to Asusgio exposes a functionality to read and write Machine Specific Registers (MSRs). A local attacker can execute arbitrary ring-0 code with elevated privileges.

Mitigation

Cybersecurity Help is currently unaware of any official solution addressing the vulnerability.

Vulnerable software versions

Aura Sync: 1.06.95 - 1.07.22


CPE2.3 External links

http://www.secureauth.com/labs/advisories/asus-drivers-elevation-privilege-vulnerabilities

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?



###SIDEBAR###