Vulnerabilities (CVE)

Filtered by vendor Asus Subscribe

Filtered by product Aura Sync

CVSS v3 Filter

ALL

NONE (0.0) LOW (0.1 - 3.9) MEDIUM (4.0 - 6.9) HIGH (7.0 - 8.9) CRITICAL (9.0 - 10.0)

Search

Total 3 CVE

CVE	Vendors	Products	Updated	CVSS v2	CVSS v3
CVE-2018-18535	1 Asus	2 Aura Sync, Aura Sync Firmware	2020-08-24	7.2 HIGH	7.8 HIGH
The Asusgio low-level driver in ASUS Aura Sync v1.07.22 and earlier exposes functionality to read and write Machine Specific Registers (MSRs). This could be leveraged to execute arbitrary ring-0 code.
CVE-2018-18536	1 Asus	2 Aura Sync, Aura Sync Firmware	2020-08-24	7.2 HIGH	7.8 HIGH
The GLCKIo and Asusgio low-level drivers in ASUS Aura Sync v1.07.22 and earlier expose functionality to read/write data from/to IO ports. This could be leveraged in a number of ways to ultimately run code with elevated privileges.
CVE-2019-17603	1 Asus	1 Aura Sync	2020-06-25	7.2 HIGH	7.8 HIGH
Ene.sys in Asus Aura Sync through 1.07.71 does not properly validate input to IOCTL 0x80102044, 0x80102050, and 0x80102054, which allows local users to cause a denial of service (system crash) or gain privileges via IOCTL requests using crafted kernel addresses that trigger memory corruption.