Risk | Critical |
Patch available | NO |
Number of vulnerabilities | 1 |
CVE-ID | CVE-2019-10709 |
CWE-ID | CWE-264 |
Exploitation vector | Network |
Public exploit | Public exploit code for vulnerability #1 is available. |
Vulnerable software Subscribe |
Asus Precision TouchPad Hardware solutions / Firmware |
Vendor | Asus |
This security bulletin contains one critical risk vulnerability.
EUVDB-ID: #VU20910
Risk: Critical
CVSSv3.1:
CVE-ID: CVE-2019-10709
CWE-ID:
CWE-264 - Permissions, Privileges, and Access Controls
Exploit availability: Yes
DescriptionThe vulnerability allows a remote attacker to escalate privileges on the system.
The vulnerability exists due to the "AsusPTPFilter.sys" driver has a Pool Overflow associated with the \\.\AsusTP device. A remote attacker can cause a denial of service attack or potentially privilege escalation via a crafted "DeviceIoControl" call.
MitigationCybersecurity Help is currently unaware of any official solution to address this vulnerability.
Vulnerable software versionsAsus Precision TouchPad : 11.0.0.25
http://packetstormsecurity.com/files/154259/Asus-Precision-TouchPad-11.0.0.25-Denial-Of-Service-Privilege-Escalation.html
http://blog.telspace.co.za/2019/08/tsa-2019-001-asus-precision-touchpad.html
Can this vulnerability be exploited remotely?
Is there known malware, which exploits this vulnerability?