#VU20910 Permissions, Privileges, and Access Controls


Published: 2021-06-17

Vulnerability identifier: #VU20910

Vulnerability risk: Critical

CVSSv3.1:

CVE-ID: CVE-2019-10709

CWE-ID: CWE-264

Exploitation vector: Network

Exploit availability: Yes

Vulnerable software:
Asus Precision TouchPad
Hardware solutions / Firmware

Vendor: Asus

Description

The vulnerability allows a remote attacker to escalate privileges on the system.

The vulnerability exists due to the "AsusPTPFilter.sys" driver has a Pool Overflow associated with the \\.\AsusTP device. A remote attacker can cause a denial of service attack or potentially privilege escalation via a crafted "DeviceIoControl" call.

Mitigation
Cybersecurity Help is currently unaware of any official solution to address this vulnerability.

Vulnerable software versions

Asus Precision TouchPad : 11.0.0.25


CPE

External links
http://packetstormsecurity.com/files/154259/Asus-Precision-TouchPad-11.0.0.25-Denial-Of-Service-Privilege-Escalation.html
http://blog.telspace.co.za/2019/08/tsa-2019-001-asus-precision-touchpad.html


Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?


Latest bulletins with this vulnerability