Published: 27/09/2021 Updated: 01/10/2021

CVSS v2 Base Score: 4.4 | Impact Score: 6.4 | Exploitability Score: 3.4

CVSS v3 Base Score: 7.3 | Impact Score: 5.9 | Exploitability Score: 1.3

VMScore: 393

Vector: AV:L/AC:M/Au:N/C:P/I:P/A:P

ASUS ROG Armoury Crate Lite prior to 4.2.10 allows local users to gain privileges by placing a Trojan horse file in the publicly writable %PROGRAMDATA%\ASUS\GamingCenterLib directory.

Vulnerable Product	Search on Vulmon	Subscribe to Product
asus armoury crate lite service

ASUS patches ROG Armoury Crate app after researcher spots all-too-common flaw

The Register • Gareth Corfield • 28 Sep 2021

Get our weekly newsletter It tries to load a file from a location any old user can write to

A flaw in ASUS's ROG Armoury Crate hardware management app could have allowed low-privileged users to execute code as administrator. The now-patched privilege escalation vulnerability was uncovered by "Federico" from Italian hacker collective APTortellini. Federico discovered the vuln after taking a close look at ROG Armoury Crate, finding a DLL hijacking vuln that allowed ordinary users to execute code with SYSTEM privileges after pasting a crafted file into a directory used by the app. The sof...

CVE-2021-40981

Vulnerability Summary

Vulnerability Trend

Recent Articles

References

Vulmon Search

About

Products

Connect