Permissions, Privileges, and Access Controls in Asus Precision TouchPad

Published: 2019-09-04 | Updated: 2019-09-06
Risk Critical
Patch available NO
Number of vulnerabilities 1
CVE-ID CVE-2019-10709
Exploitation vector Network
Public exploit Public exploit code for vulnerability #1 is available.
Vulnerable software
Asus Precision TouchPad
Hardware solutions / Firmware

Vendor Asus

Security Bulletin

This security bulletin contains one critical risk vulnerability.

1) Permissions, Privileges, and Access Controls

EUVDB-ID: #VU20910

Risk: Critical


CVE-ID: CVE-2019-10709

CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls

Exploit availability: Yes


The vulnerability allows a remote attacker to escalate privileges on the system.

The vulnerability exists due to the "AsusPTPFilter.sys" driver has a Pool Overflow associated with the \\.\AsusTP device. A remote attacker can cause a denial of service attack or potentially privilege escalation via a crafted "DeviceIoControl" call.


Cybersecurity Help is currently unaware of any official solution to address this vulnerability.

Vulnerable software versions

Asus Precision TouchPad :

CPE2.3 External links

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?