// For flags

CVE-2022-36439

 

Severity Score

6.0
*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

0
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

AsusSoftwareManager.exe in ASUS System Control Interface on ASUS personal computers (running Windows) allows a local user to write into the Temp directory and delete another more privileged file via SYSTEM privileges. This affects ASUS System Control Interface 3 before 3.1.5.0, AsusSoftwareManger.exe before 1.0.53.0, and AsusLiveUpdate.dll before 1.0.45.0.

El archivo AsusSoftwareManager.exe en ASUS System Control Interface en ordenadores personales ASUS (con Windows) permite a un usuario local escribir en el directorio Temp y eliminar otro archivo más privilegiado por medio de los privilegios SYSTEM. Esto afecta a ASUS System Control Interface 3 versiones anteriores a 3.1.5.0, AsusSoftwareManger.exe versiones anteriores a 1.0.53.0 y AsusLiveUpdate.dll versiones anteriores a 1.0.45.0

*Credits: N/A
CVSS Scores
Attack Vector
Local
Attack Complexity
Low
Privileges Required
High
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
High
Availability
High
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2022-07-25 CVE Reserved
  • 2022-10-18 CVE Published
  • 2023-03-08 EPSS Updated
  • 2024-08-03 CVE Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
CAPEC
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Asus
Search vendor "Asus"
 Asusliveupdate
Search vendor "Asus" for product "Asusliveupdate"
 < 1.0.45.0
Search vendor "Asus" for product "Asusliveupdate" and version " < 1.0.45.0"
-
Affected
Asus
Search vendor "Asus"
 Asussoftwaremanger
Search vendor "Asus" for product "Asussoftwaremanger"
 < 1.0.53.0
Search vendor "Asus" for product "Asussoftwaremanger" and version " < 1.0.53.0"
-
Affected
Asus
Search vendor "Asus"
 System Control Interface
Search vendor "Asus" for product "System Control Interface"
 >= 3.0.0.0 < 3.1.5.0
Search vendor "Asus" for product "System Control Interface" and version " >= 3.0.0.0 < 3.1.5.0"
-
Affected