ASUS Aura Sync v1.07.22 and Earlier: Arbitrary Ring-0 Code Execution via Asusgio Low-Level Driver Vulnerability

ASUS Aura Sync v1.07.22 and Earlier: Arbitrary Ring-0 Code Execution via Asusgio Low-Level Driver Vulnerability

CVE-2018-18535 · HIGH Severity

AV:L/AC:L/AU:N/C:C/I:C/A:C

The Asusgio low-level driver in ASUS Aura Sync v1.07.22 and earlier exposes functionality to read and write Machine Specific Registers (MSRs). This could be leveraged to execute arbitrary ring-0 code.

Learn more about our Web Application Penetration Testing UK.