CVE-2022-36438

Name of the Vulnerable Software and Affected Versions ASUS System Control Interface versions prior to 3.1.5.0 AsusSwitch.exe versions prior to 1.0.10.0

Description The issue is related to incorrect default permissions in the System Control Interface and AsusSwitch drivers for Windows operating systems. This can be exploited to allow an attacker to elevate their privileges in the system, potentially leading to arbitrary file deletion within the system.

Recommendations For ASUS System Control Interface versions prior to 3.1.5.0, update to version 3.1.5.0 or later to resolve the issue. For AsusSwitch.exe versions prior to 1.0.10.0, update to version 1.0.10.0 or later to resolve the issue. As a temporary workaround, consider restricting access to the AsusSwitch.exe file to minimize the risk of exploitation.