CVE-2019-18216

Name of the Vulnerable Software and Affected Versions ASUS ROG Zephyrus M GM501GS laptops with BIOS 313

Description The BIOS configuration design relies on the main battery, reducing the effectiveness of a protection mechanism that prohibits booting from a USB device. Attackers with physical access to the laptop can exhaust the main battery to reset the BIOS configuration and gain direct access to the hard drive by booting a live USB OS.

Recommendations For ASUS ROG Zephyrus M GM501GS laptops with BIOS 313, consider restricting physical access to the laptop to minimize the risk of exploitation. As a temporary workaround, ensure the main battery is not exhausted to prevent unauthorized BIOS configuration resets. At the moment, there is no information about a newer version that contains a fix for this issue.