#VU20910 Permissions, Privileges, and Access Controls in Asus Precision TouchPad


Published: 2021-06-17

Vulnerability identifier: #VU20910

Vulnerability risk: Critical

CVSSv3.1:

CVE-ID: CVE-2019-10709

CWE-ID:

Exploitation vector: Network

Exploit availability:

Vulnerable software:
Asus Precision TouchPad
Hardware solutions / Firmware

Vendor: Asus

Description

The vulnerability allows a remote attacker to escalate privileges on the system.

The vulnerability exists because the "AsusPTPFilter.sys" driver has a pool overflow associated with the \\.\AsusTP device. A remote attacker can cause a denial of service or potentially escalate privileges via a crafted "DeviceIoControl" call.

Mitigation
Cybersecurity Help is currently unaware of any official solution to address this vulnerability.

Vulnerable software versions

Asus Precision TouchPad : 11.0.0.25


Fixed software versions

CPE

External links
http://packetstormsecurity.com/files/154259/Asus-Precision-TouchPad-11.0.0.25-Denial-Of-Service-Privilege-Escalation.html
http://blog.telspace.co.za/2019/08/tsa-2019-001-asus-precision-touchpad.html

