PT-2022-3523 · Asus · Asus Control Center

Cyku Hong

Published

2022-03-08

Updated

2022-06-27

CVE-2022-26668

CVSS v2.0

7.5

High

Vector

AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions ASUS Control Center (affected versions not specified)

Description The issue is related to a broken access control vulnerability in the ASUS Control Center API. This allows an unauthenticated remote attacker to call privileged API functions, which can result in partial system operations or cause a partial disruption of service. The vulnerability is associated with insecure privilege management, potentially enabling a remote attacker to elevate their privileges.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Incorrect Authorization

Improper Privilege Management

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-863CWE-269

Related Identifiers

BDU:2022-04304

CVE-2022-26668

Affected Products

Asus Control Center

PT-2022-3523 · Asus · Asus Control Center

CVE-2022-26668

Weakness Enumeration

Related Identifiers

Affected Products

References · 6