Published: 26/12/2018 Updated: 03/10/2019
CVSS v2 Base Score: 2.1 | Impact Score: 2.9 | Exploitability Score: 3.9
CVSS v3 Base Score: 5.5 | Impact Score: 3.6 | Exploitability Score: 1.8
VMScore: 187
Vector: AV:L/AC:L/Au:N/C:N/I:P/A:N

Vulnerability Summary

The GLCKIo low-level driver in ASUS Aura Sync v1.07.22 and previous versions exposes a path to write an arbitrary DWORD to an arbitrary address.

Vulnerability Trend

Mailing Lists

SecureAuth - SecureAuth Labs Advisory wwwsecureauthcom/ ASUS Drivers Elevation of Privilege Vulnerabilities *1 *Advisory Information** Title: ASUS Drivers Elevation of Privilege Vulnerabilities Advisory ID: CORE-2017-0012 Advisory URL: wwwsecureauthcom/labs/advisories/asus-drivers-elevation-privilege-vulnerabilities Date publi ...
Multiple vulnerabilities were found in the GLCKIo and Asusgio drivers installed by ASUS Aura Sync, which could allow a local attacker to elevate privileges ASUS Aura Sync versions 10722 and below are affected ...

Recent Articles

BYO-Bug Tactic Attacks Windows Kernel with Outdated Driver
Threatpost • Tara Seals • 10 Feb 2020

The operators behind the RobbinHood ransomware are using a vulnerable, legacy driver from Taiwan-based motherboard manufacturer Gigabyte in order to get around antivirus protections. The “bring-your-own-bug” tactic is likely to crop up in other attacks going forward, according to security analysts.
According to research from Sophos, the driver has a known vulnerability (CVE-2018-19320), and was discontinued in 2018 by the company. However, the Verisign certificate used to digitally sig...

ASUS, GIGABYTE Drivers Contain Code Execution Vulnerabilities - PoCs Galore
BleepingComputer • Ionut Ilascu • 18 Dec 2018

Four drivers from ASUS and GIGABYTE come with several vulnerabilities that can be leveraged by an attacker to gain higher permissions on the system and to execute arbitrary code.
In total, there are seven vulnerabilities affecting five software products, and researchers wrote exploit code for each of them. Many of them might still be unaddressed.
Two of the vulnerable drivers are installed by the Aura Sync software (v1.07.22 and earlier) from ASUS and the flaws they carry can be expl...