PT-2021-23031 · Asus · Asus Rog Armoury Crate Lite

Last

Published

2021-09-27

Updated

2021-10-01

CVE-2021-40981

CVSS v3.1

7.3

High

Vector

AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions ASUS ROG Armoury Crate Lite versions prior to 4.2.10

Description The issue allows local users to gain privileges by placing a Trojan horse file in the publicly writable %PROGRAMDATA%ASUSGamingCenterLib directory. This is a privilege escalation vulnerability.

Recommendations For versions prior to 4.2.10, update to version 4.2.10 or later to resolve the issue. As a temporary workaround, consider restricting write access to the %PROGRAMDATA%ASUSGamingCenterLib directory to prevent malicious file placement.

Exploit

Fix

Uncontrolled Search Path Element

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-427

Related Identifiers

CVE-2021-40981

Affected Products

Asus Rog Armoury Crate Lite

PT-2021-23031 · Asus · Asus Rog Armoury Crate Lite

CVE-2021-40981

Weakness Enumeration

Related Identifiers

Affected Products

References · 9