2.1
CVSSv2

CVE-2018-18537

Published: 26/12/2018 Updated: 03/10/2019
CVSS v2 Base Score: 2.1 | Impact Score: 2.9 | Exploitability Score: 3.9
CVSS v3 Base Score: 5.5 | Impact Score: 3.6 | Exploitability Score: 1.8
VMScore: 187
Vector: AV:L/AC:L/Au:N/C:N/I:P/A:N

Vulnerability Summary

The GLCKIo low-level driver in ASUS Aura Sync v1.07.22 and previous versions exposes a path to write an arbitrary DWORD to an arbitrary address.

Vulnerability Trend

Affected Products

Vendor Product Versions
AsusAura Sync Firmware1.07.22

Mailing Lists

SecureAuth - SecureAuth Labs Advisory wwwsecureauthcom/ ASUS Drivers Elevation of Privilege Vulnerabilities *1 *Advisory Information** Title: ASUS Drivers Elevation of Privilege Vulnerabilities Advisory ID: CORE-2017-0012 Advisory URL: wwwsecureauthcom/labs/advisories/asus-drivers-elevation-privilege-vulnerabilities Date publi ...
Multiple vulnerabilities were found in the GLCKIo and Asusgio drivers installed by ASUS Aura Sync, which could allow a local attacker to elevate privileges ASUS Aura Sync versions 10722 and below are affected ...

Recent Articles

ASUS, GIGABYTE Drivers Contain Code Execution Vulnerabilities - PoCs Galore
BleepingComputer • Ionut Ilascu • 18 Dec 2018

Four drivers from ASUS and GIGABYTE come with several vulnerabilities that can be leveraged by an attacker to gain higher permissions on the system and to execute arbitrary code.
In total, there are seven vulnerabilities affecting five software products, and researchers wrote exploit code for each of them. Many of them might still be unaddressed.
Two of the vulnerable drivers are installed by the Aura Sync software (v1.07.22 and earlier) from ASUS and the flaws they carry can be expl...