Published: 21/07/2022 Updated: 06/10/2022

CVSS v3 Base Score: 7.8 | Impact Score: 5.9 | Exploitability Score: 1.8

VMScore: 0

There is an unquoted service path in ASUSTeK Aura Ready Game SDK service (GameSDK.exe) 1.0.0.4. This might allow a local user to escalate privileges by creating a %PROGRAMFILES(X86)%\ASUS\GameSDK.exe file.

Vulnerable Product	Search on Vulmon	Subscribe to Product
asus aura_ready_game_software_development_kit 1.0.0.4

Asus GameSDK version 1004 suffers from an unquoted service path vulnerability in GameSDKexe ...

Unquoted Service Path Asus GameSdk

CVE-2022-35899 Unquoted Service Path Asus GameSdk Exploit Title: Asus GameSDK v1004 - 'GameSDKexe' Unquoted Service Path (Privilege Escalation) Date: 07/14/2022 Exploit Author: Angelo Pio Amirante Version: 1004 Tested on: Windows 10 Patched version: 1050 Step to discover the unquoted service path: wmic service get name,displayname,pathname,startmode | findst

CWE-428 https://packetstormsecurity.com/files/167763/Asus-GameSDK-1.0.0.4-Unquoted-Service-Path.html https://github.com/AngeloPioAmirante/CVE-2022-35899 https://www.exploit-db.com/exploits/50985 https://nvd.nist.gov https://github.com/AngeloPioAmirante/CVE-2022-35899 https://packetstormsecurity.com/files/167763/Asus-GameSDK-1.0.0.4-Unquoted-Service-Path.html

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2022-35899

Vulnerability Summary

Vulnerability Trend

Exploits

Github Repositories

References

Vulmon Search

About

Products

Connect