CVE-2019-25764

Summary

UNSUPPORTED WHEN ASSIGNED  Exposed IOCTL with Insufficient Access Control in the ASUS AURA SYNC driver allows a local user to bypass the driver's verification and invoke arbitrary IOCTLs, resulting in privilege escalation.

Refer to the 'End-of-Life Notice and Driver Update for Legacy ASUS Drivers ' section on the ASUS Security Advisory for more information.

Affected Software

VendorProductVersion RangeStatus
ASUSAURA SYNC0 < 1.07.84affected

Weaknesses

  • CWE-782: CWE-782: Exposed IOCTL with Insufficient Access Control

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References