Permissions, Privileges, and Access Controls in Asus Precision TouchPad
| Risk | Critical |
| Patch available | NO |
| Number of vulnerabilities | 1 |
| CVE-ID | CVE-2019-10709 |
| CWE-ID | CWE-264 |
| Exploitation vector | Network |
| Public exploit | Public exploit code for vulnerability #1 is available. |
| Vulnerable software Subscribe |
Asus Precision TouchPad Hardware solutions / Firmware |
| Vendor | Asus |
Security Bulletin
This security bulletin contains one critical risk vulnerability.
1) Permissions, Privileges, and Access Controls
EUVDB-ID: #VU20910
Risk: Critical
CVSSv3.1:
CVE-ID: CVE-2019-10709
CWE-ID:
CWE-264 - Permissions, Privileges, and Access Controls
Exploit availability: Yes
DescriptionThe vulnerability allows a remote attacker to escalate privileges on the system.
The vulnerability exists due to the "AsusPTPFilter.sys" driver has a Pool Overflow associated with the \\.\AsusTP device. A remote attacker can cause a denial of service attack or potentially privilege escalation via a crafted "DeviceIoControl" call.
MitigationCybersecurity Help is currently unaware of any official solution to address this vulnerability.
Vulnerable software versionsAsus Precision TouchPad : 11.0.0.25
CPE2.3 External links
http://packetstormsecurity.com/files/154259/Asus-Precision-TouchPad-11.0.0.25-Denial-Of-Service-Privilege-Escalation.html
http://blog.telspace.co.za/2019/08/tsa-2019-001-asus-precision-touchpad.html
Q & A
Can this vulnerability be exploited remotely?
Is there known malware, which exploits this vulnerability?
