Lucene search

[email protected]CVE-2022-35899

HistoryJul 21, 2022 - 5:15 p.m.

CVE-2022-35899

2022-07-2117:15:08

CWE-428

[email protected]

web.nvd.nist.gov

asustek

aura ready

game sdk

local user

privilege escalation

unquoted service path

cve-2022-35899

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

7.6 High

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

16.1%

JSON

There is an unquoted service path in ASUSTeK Aura Ready Game SDK service (GameSDK.exe) 1.0.0.4. This might allow a local user to escalate privileges by creating a %PROGRAMFILES(X86)%\ASUS\GameSDK.exe file.

Affected configurations

NVD

Node

asusaura_ready_game_software_development_kitMatch1.0.0.4

AND

microsoftwindowsMatch-

CPENameOperatorVersion
asus:aura_ready_game_software_development_kitasus aura ready game software development kiteq1.0.0.4

CPE	Name	Operator	Version
asus:aura_ready_game_software_development_kit	asus aura ready game software development kit	eq	1.0.0.4

References

github.com/AngeloPioAmirante/CVE-2022-35899

packetstormsecurity.com/files/167763/Asus-GameSDK-1.0.0.4-Unquoted-Service-Path.html

www.exploit-db.com/exploits/50985

Social References

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

7.6 High

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

16.1%

JSON

Related for CVE-2022-35899

cvelist1 prion1 nvd1 packetstorm1 zdt1 exploitdb1 openvas1