CVE-2022-44898
CVE-2022-44898
Vexday Risk Score
21Bajo
Decisión SSVC (CISA)
Track
Sin señal de explotación → monitorear
CVSS 7.8EPSS 0.4%KEV nãoPoC —Nuclei —Metasploit —Patch —
Ciclo de vida
14 dic 2022Publicada en NVD
Recomendación: Monitorear — sin señal de explotación por ahora.
The MsIo64.sys component in Asus Aura Sync through v1.07.79 does not properly validate input to IOCTL 0x80102040, 0x80102044, 0x80102050, and 0x80102054, allowing attackers to trigger a memory corruption and cause a Denial of Service (DoS) or escalate privileges via crafted IOCTL requests.
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Productos afectados
n/a · n/aReferencias
http://packetstormsecurity.com/files/174447/MsIo64-LOLDriver-Memory-Corruption.htmlhttps://heegong.github.io/posts/ASUS-AuraSync-Kernel-Stack-Based-Buffer-Overflow-Local-Privilege-Escalation/https://www.asus.com/campaign/aura/us/download.phphttps://www.asus.com/content/ASUS-Product-Security-Advisory/