Allele Security Alert
ASA-2018-00096, CORE-2017-0012, CVE-2018-18536
Drivers allow non-privileged user access to port mapped I/O
ASUS Aura Sync
ASUS Aura Sync v1.07.22 and previous versions
Proof of concept
Multiple vulnerabilities were found in the GLCKIo and Asusgio drivers installed by ASUS Aura Sync, which could allow a local attacker to elevate privileges.
Both GLCKIo and Asusgio expose a functionality to read/write data from/to IO ports. This could be leveraged in a number of ways to ultimately run code with elevated privileges.
Diego Juarez (SecureAuth) and Leandro Cuozzo (SecureAuth)
ASUS Drivers Elevation of Privilege Vulnerabilities
[CORE-2017-0012] – ASUS Drivers Elevation of Privilege Vulnerabilities
If there is any error in this alert or you wish a comprehensive analysis, let us know.
Last modified: February 3, 2019