CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 3CVE-2018-18535 – ASUS Driver Privilege Escalation
https://notcve.org/view.php?id=CVE-2018-18535
The Asusgio low-level driver in ASUS Aura Sync v1.07.22 and earlier exposes functionality to read and write Machine Specific Registers (MSRs). This could be leveraged to execute arbitrary ring-0 code. El controlador de bajo nivel Asusgio en ASUS Aura Sync, en versiones v1.07.22 y anteriores, expone funcionalidades para leer y escribir registros MSR (Machine Specific Registers). Esto podría aprovecharse para ejecutar código ring-0 arbitrario. Multiple vulnerabilities were found in the GLCKIo and Asusgio drivers installed by ASUS Aura Sync, which could allow a local attacker to elevate privileges. • http://packetstormsecurity.com/files/150893/ASUS-Driver-Privilege-Escalation.html http://seclists.org/fulldisclosure/2018/Dec/34 http://www.securityfocus.com/bid/106250 https://www.secureauth.com/labs/advisories/asus-drivers-elevation-privilege-vulnerabilities •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 3CVE-2018-18536 – ASUS Driver Privilege Escalation
https://notcve.org/view.php?id=CVE-2018-18536
The GLCKIo and Asusgio low-level drivers in ASUS Aura Sync v1.07.22 and earlier expose functionality to read/write data from/to IO ports. This could be leveraged in a number of ways to ultimately run code with elevated privileges. Los controladores de bajo nivel GLCKIo y Asusgio en ASUS Aura Sync, en versiones v1.07.22 y anteriores, exponen funcionalidades para leer y escribir datos desde/hacia los puertos IO. Esto podría aprovecharse de varias formas para ejecutar código con privilegios elevados. Multiple vulnerabilities were found in the GLCKIo and Asusgio drivers installed by ASUS Aura Sync, which could allow a local attacker to elevate privileges. • http://packetstormsecurity.com/files/150893/ASUS-Driver-Privilege-Escalation.html http://seclists.org/fulldisclosure/2018/Dec/34 http://www.securityfocus.com/bid/106250 https://www.secureauth.com/labs/advisories/asus-drivers-elevation-privilege-vulnerabilities •
CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 3CVE-2018-18537 – ASUS Driver Privilege Escalation
https://notcve.org/view.php?id=CVE-2018-18537
The GLCKIo low-level driver in ASUS Aura Sync v1.07.22 and earlier exposes a path to write an arbitrary DWORD to an arbitrary address. El controlador de bajo nivel GLCKIo en ASUS Aura Sync, en versiones v1.07.22 y anteriores, expone una ruta para escribir un DWORD arbitrario en una dirección arbitraria. Multiple vulnerabilities were found in the GLCKIo and Asusgio drivers installed by ASUS Aura Sync, which could allow a local attacker to elevate privileges. ASUS Aura Sync versions 1.07.22 and below are affected. • http://packetstormsecurity.com/files/150893/ASUS-Driver-Privilege-Escalation.html http://seclists.org/fulldisclosure/2018/Dec/34 http://www.securityfocus.com/bid/106250 https://www.secureauth.com/labs/advisories/asus-drivers-elevation-privilege-vulnerabilities •