CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2018-18536

The GLCKIo and Asusgio low-level drivers in ASUS Aura Sync v1.07.22 and earlier expose functionality to read/write data from/to IO ports. This could be leveraged in a number of ways to ultimately run code with elevated privileges.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.001

EPSS Ranking 33.7%

CVSS Severity

CVSS v3 Score 7.8

CVSS v2 Score 7.2

References

http://packetstormsecurity.com/files/150893/ASUS-Driver-Privilege-Escalation.html
http://seclists.org/fulldisclosure/2018/Dec/34
http://www.securityfocus.com/bid/106250
https://www.secureauth.com/labs/advisories/asus-drivers-elevation-privilege-vulnerabilities
http://packetstormsecurity.com/files/150893/ASUS-Driver-Privilege-Escalation.html
http://seclists.org/fulldisclosure/2018/Dec/34
http://www.securityfocus.com/bid/106250
https://www.secureauth.com/labs/advisories/asus-drivers-elevation-privilege-vulnerabilities

Products affected by CVE-2018-18536

Asus » Aura Sync » Version: N/A

cpe:2.3:h:asus:aura_sync:-
Asus » Aura Sync Firmware » Version: 1.07.22

cpe:2.3:o:asus:aura_sync_firmware:1.07.22

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2018-18536

Products

Pricing

Contact Us