CVE-2022-36439 - Vulnerability Details - OpenCVE

ReportizFlow

AsusSoftwareManager.exe in ASUS System Control Interface on ASUS personal computers (running Windows) allows a local user to write into the Temp directory and delete another more privileged file via SYSTEM privileges. This affects ASUS System Control Interface 3 before 3.1.5.0, AsusSoftwareManger.exe before 1.0.53.0, and AsusLiveUpdate.dll before 1.0.45.0.

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required High

Scope Unchanged

Confidentiality Impact None

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Asus	Asusliveupdate Asussoftwaremanger System Control Interface

Configuration 1 [-]

OR	cpe:2.3:a:asus:asusliveupdate::::::::
	cpe:2.3:a:asus:asussoftwaremanger::::::::
	cpe:2.3:a:asus:system_control_interface::::::::

No data.

References

Link	Providers
https://asus-my.sharepoint.com/personal/carinacw_li_asus_com/_layouts/15/onedrive.aspx?id=%2Fpersonal%2Fcarinacw_li_asus_com%2FDocuments%2FSecurity%2FCase-220713%2FAsus%20Arbitary%20File%20Deletion.pdf&parent=%2Fpersonal%2Fcarinacw_li_asus_com%2FDocuments%2FSecurity%2FCase-220713&ga=1
https://asus.com

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2022-10-18T00:00:00

Updated: 2024-08-03T10:07:34.066Z

Reserved: 2022-07-25T00:00:00

Link: CVE-2022-36439

Vulnrichment

No data.

NVD

Status : Modified

Published: 2022-10-18T12:15:09.473

Modified: 2024-11-21T07:13:00.730

Link: CVE-2022-36439

Redhat

No data.

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:asus:asusliveupdate:*:*:*:*:*:*:*:*", "matchCriteriaId": "7C53D01A-91FF-4EB0-A3A9-D1FA84F0C87E", "versionEndExcluding": "1.0.45.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:asus:asussoftwaremanger:*:*:*:*:*:*:*:*", "matchCriteriaId": "7B8EBCB6-9EDC-4560-AFDC-204801557352", "versionEndExcluding": "1.0.53.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:asus:system_control_interface:*:*:*:*:*:*:*:*", "matchCriteriaId": "89A1422B-BAE4-4096-B7AF-ED8C22AC4E88", "versionEndExcluding": "3.1.5.0", "versionStartIncluding": "3.0.0.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "AsusSoftwareManager.exe in ASUS System Control Interface on ASUS personal computers (running Windows) allows a local user to write into the Temp directory and delete another more privileged file via SYSTEM privileges. This affects ASUS System Control Interface 3 before 3.1.5.0, AsusSoftwareManger.exe before 1.0.53.0, and AsusLiveUpdate.dll before 1.0.45.0."}, {"lang": "es", "value": "El archivo AsusSoftwareManager.exe en ASUS System Control Interface en ordenadores personales ASUS (con Windows) permite a un usuario local escribir en el directorio Temp y eliminar otro archivo m\u00e1s privilegiado por medio de los privilegios SYSTEM. Esto afecta a ASUS System Control Interface 3 versiones anteriores a 3.1.5.0, AsusSoftwareManger.exe versiones anteriores a 1.0.53.0 y AsusLiveUpdate.dll versiones anteriores a 1.0.45.0"}], "id": "CVE-2022-36439", "lastModified": "2024-11-21T07:13:00.730", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.0, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 0.8, "impactScore": 5.2, "source": "[email protected]", "type": "Primary"}]}, "published": "2022-10-18T12:15:09.473", "references": [{"source": "[email protected]", "url": "https://asus-my.sharepoint.com/personal/carinacw_li_asus_com/_layouts/15/onedrive.aspx?id=%2Fpersonal%2Fcarinacw_li_asus_com%2FDocuments%2FSecurity%2FCase-220713%2FAsus%20Arbitary%20File%20Deletion.pdf&parent=%2Fpersonal%2Fcarinacw_li_asus_com%2FDocuments%2FSecurity%2FCase-220713&ga=1"}, {"source": "[email protected]", "tags": ["Vendor Advisory"], "url": "https://asus.com"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://asus-my.sharepoint.com/personal/carinacw_li_asus_com/_layouts/15/onedrive.aspx?id=%2Fpersonal%2Fcarinacw_li_asus_com%2FDocuments%2FSecurity%2FCase-220713%2FAsus%20Arbitary%20File%20Deletion.pdf&parent=%2Fpersonal%2Fcarinacw_li_asus_com%2FDocuments%2FSecurity%2FCase-220713&ga=1"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://asus.com"}], "sourceIdentifier": "[email protected]", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "[email protected]", "type": "Primary"}]}