Main Vulnerability Database SB2019090436

SB2019090436 - Permissions, Privileges, and Access Controls in Asus Precision TouchPad

Published: September 4, 2019 Updated: September 6, 2019

Security Bulletin ID SB2019090436

Severity

Critical

Patch available

Number of vulnerabilities 1

Exploitation vector Remote access

Highest impact Code execution

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 1 security vulnerability.

1) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2019-10709)

The vulnerability allows a remote attacker to escalate privileges on the system.

The vulnerability exists due to the "AsusPTPFilter.sys" driver has a Pool Overflow associated with the \\.\AsusTP device. A remote attacker can cause a denial of service attack or potentially privilege escalation via a crafted "DeviceIoControl" call.

Remediation

Cybersecurity Help is not aware of any official remediation provided by the vendor.

References

http://packetstormsecurity.com/files/154259/Asus-Precision-TouchPad-11.0.0.25-Denial-Of-Service-Privilege-Escalation.html
https://blog.telspace.co.za/2019/08/tsa-2019-001-asus-precision-touchpad.html