PT-2022-23006 · Asustek · Asustek Aura Ready Game Sdk
Angelo Pio Amirante
·
Published
2022-07-20
·
Updated
2022-10-06
·
CVE-2022-35899
CVSS v3.1
7.8
High
| Vector | AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
ASUSTeK Aura Ready Game SDK service (GameSDK.exe) version 1.0.0.4
Description
The issue is related to an unquoted service path in the ASUSTeK Aura Ready Game SDK service. This might allow a local user to escalate privileges by creating a
%PROGRAMFILES(X86)%ASUSGameSDK.exe file.Recommendations
For version 1.0.0.4, consider quoting the service path to prevent potential privilege escalation. As a temporary workaround, restrict access to the GameSDK.exe service until a patch is available.
Exploit
Fix
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Asustek Aura Ready Game Sdk