PT-2025-3110 · Asus · Asus System Analysis Io
Heyheysky
·
Published
2025-01-06
·
Updated
2025-01-07
·
CVE-2024-55408
CVSS v4.0
5.1
Medium
| Vector | AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N |
Name of the Vulnerable Software and Affected Versions
ASUS System Analysis IO version 1.0.0
Description
The issue is related to improper access control in the AsusSAIO.sys driver, which may allow the misuse of software functionality when crafted IOCTL requests are supplied. This can lead to arbitrary read and write actions, potentially allowing attackers to perform unauthorized operations.
Recommendations
For ASUS System Analysis IO version 1.0.0, consider disabling the AsusSAIO.sys driver until a patch is available to prevent the misuse of software functionality. Restrict access to the vulnerable component to minimize the risk of exploitation. Avoid using crafted IOCTL requests in the affected driver until the issue is resolved.
Exploit
Fix
Missing Authorization
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Asus System Analysis Io