CVE-2022-36439 - OpenCVE

AsusSoftwareManager.exe in ASUS System Control Interface on ASUS personal computers (running Windows) allows a local user to write into the Temp directory and delete another more privileged file via SYSTEM privileges. This affects ASUS System Control Interface 3 before 3.1.5.0, AsusSoftwareManger.exe before 1.0.53.0, and AsusLiveUpdate.dll before 1.0.45.0.

Attack Vector Local

Attack Complexity Low

Privileges Required High

Scope Unchanged

Confidentiality Impact None

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

Vendors & Products
CPE Configurations

Vendors	Products
Asus	System Control Interface Asussoftwaremanger Asusliveupdate

Configuration 1 [-]

OR	cpe:2.3:a:asus:asusliveupdate::::::::
	cpe:2.3:a:asus:asussoftwaremanger::::::::
	cpe:2.3:a:asus:system_control_interface::::::::

References

Link	Resource
https://asus-my.sharepoint.com/personal/carinacw_li_asus_com/_layouts/15/onedrive.aspx?id=%2Fpersonal%2Fcarinacw_li_asus_com%2FDocuments%2FSecurity%2FCase-220713%2FAsus%20Arbitary%20File%20Deletion.pdf&parent=%2Fpersonal%2Fcarinacw_li_asus_com%2FDocuments%2FSecurity%2FCase-220713&ga=1
https://asus.com	Vendor Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2022-10-18T00:00:00

Updated: 2022-10-18T00:00:00

Reserved: 2022-07-25T00:00:00

Link: CVE-2022-36439

JSON object: View

NVD Information

Status : Modified

Published: 2022-10-18T12:15:09.473

Modified: 2023-11-07T03:49:38.340

Link: CVE-2022-36439

JSON object: View

Redhat Information

No data.

CWE

NVD-CWE-noinfo

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:asus:asusliveupdate:*:*:*:*:*:*:*:*", "matchCriteriaId": "7C53D01A-91FF-4EB0-A3A9-D1FA84F0C87E", "versionEndExcluding": "1.0.45.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:asus:asussoftwaremanger:*:*:*:*:*:*:*:*", "matchCriteriaId": "7B8EBCB6-9EDC-4560-AFDC-204801557352", "versionEndExcluding": "1.0.53.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:asus:system_control_interface:*:*:*:*:*:*:*:*", "matchCriteriaId": "89A1422B-BAE4-4096-B7AF-ED8C22AC4E88", "versionEndExcluding": "3.1.5.0", "versionStartIncluding": "3.0.0.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "AsusSoftwareManager.exe in ASUS System Control Interface on ASUS personal computers (running Windows) allows a local user to write into the Temp directory and delete another more privileged file via SYSTEM privileges. This affects ASUS System Control Interface 3 before 3.1.5.0, AsusSoftwareManger.exe before 1.0.53.0, and AsusLiveUpdate.dll before 1.0.45.0."}, {"lang": "es", "value": "El archivo AsusSoftwareManager.exe en ASUS System Control Interface en ordenadores personales ASUS (con Windows) permite a un usuario local escribir en el directorio Temp y eliminar otro archivo m\u00e1s privilegiado por medio de los privilegios SYSTEM. Esto afecta a ASUS System Control Interface 3 versiones anteriores a 3.1.5.0, AsusSoftwareManger.exe versiones anteriores a 1.0.53.0 y AsusLiveUpdate.dll versiones anteriores a 1.0.45.0"}], "id": "CVE-2022-36439", "lastModified": "2023-11-07T03:49:38.340", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.0, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 0.8, "impactScore": 5.2, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2022-10-18T12:15:09.473", "references": [{"source": "cve@mitre.org", "url": "https://asus-my.sharepoint.com/personal/carinacw_li_asus_com/_layouts/15/onedrive.aspx?id=%2Fpersonal%2Fcarinacw_li_asus_com%2FDocuments%2FSecurity%2FCase-220713%2FAsus%20Arbitary%20File%20Deletion.pdf&parent=%2Fpersonal%2Fcarinacw_li_asus_com%2FDocuments%2FSecurity%2FCase-220713&ga=1"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "https://asus.com"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}]}