Details of VAR-202210-1161

ID

VAR-202210-1161

CVE

CVE-2022-36438

TITLE

ASUSTeK Computer Inc. of asusswitch and system control interface Vulnerability regarding improper default permissions in

Trust: 0.8

sources: JVNDB: JVNDB-2022-019448

DESCRIPTION

AsusSwitch.exe on ASUS personal computers (running Windows) sets weak file permissions, leading to local privilege escalation (this also can be used to delete files within the system arbitrarily). This affects ASUS System Control Interface 3 before 3.1.5.0, and AsusSwitch.exe before 1.0.10.0. ASUSTeK Computer Inc. of asusswitch and system control interface There is a vulnerability in improper default permissions.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state

Trust: 1.71

sources: NVD: CVE-2022-36438 // JVNDB: JVNDB-2022-019448 // VULHUB: VHN-432539

AFFECTED PRODUCTS

vendor:	asus	model:	system control interface	scope:	lt	version:	3.1.5.0	Trust: 1.0
vendor:	asus	model:	asusswitch	scope:	lt	version:	1.0.10.0	Trust: 1.0
vendor:	asus	model:	system control interface	scope:	gte	version:	3.0.0.0	Trust: 1.0
vendor:	asustek computer	model:	asusswitch	scope:	-	version:	-	Trust: 0.8
vendor:	asustek computer	model:	system control interface	scope:	-	version:	-	Trust: 0.8

sources: JVNDB: JVNDB-2022-019448 // NVD: CVE-2022-36438

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2022-36438
value:	HIGH
Trust: 1.0
NVD:	CVE-2022-36438
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-202210-1190
value:	HIGH
Trust: 0.6

nvd@nist.gov:	CVE-2022-36438
baseSeverity:	HIGH
baseScore:	7.8
vectorString:	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	1.8
impactScore:	5.9
version:	3.1
Trust: 1.0
NVD:	CVE-2022-36438
baseSeverity:	HIGH
baseScore:	7.8
vectorString:	CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: JVNDB: JVNDB-2022-019448 // CNNVD: CNNVD-202210-1190 // NVD: CVE-2022-36438

PROBLEMTYPE DATA

problemtype:	CWE-276	Trust: 1.1
problemtype:	Inappropriate default permissions (CWE-276) [NVD evaluation ]	Trust: 0.8

sources: VULHUB: VHN-432539 // JVNDB: JVNDB-2022-019448 // NVD: CVE-2022-36438

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202210-1190

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202210-1190

PATCH

title:

ASUS System Control Interface Security vulnerabilities

url:

http://123.124.177.30/web/xxk/bdxqById.tag?id=211491

Trust: 0.6

sources: CNNVD: CNNVD-202210-1190

EXTERNAL IDS

db:	NVD	id:	CVE-2022-36438	Trust: 3.3
db:	JVNDB	id:	JVNDB-2022-019448	Trust: 0.8
db:	CNNVD	id:	CNNVD-202210-1190	Trust: 0.6
db:	VULHUB	id:	VHN-432539	Trust: 0.1

sources: VULHUB: VHN-432539 // JVNDB: JVNDB-2022-019448 // CNNVD: CNNVD-202210-1190 // NVD: CVE-2022-36438

REFERENCES

url:	https://asus.com	Trust: 2.5
url:	https://asus-my.sharepoint.com/personal/carinacw_li_asus_com/_layouts/15/onedrive.aspx?id=%2fpersonal%2fcarinacw_li_asus_com%2fdocuments%2fsecurity%2fcase-220713%2fasus%20switch%20lpe.pdf&parent=%2fpersonal%2fcarinacw_li_asus_com%2fdocuments%2fsecurity%2fcase-220713&ga=1	Trust: 1.0
url:	https://nvd.nist.gov/vuln/detail/cve-2022-36438	Trust: 0.8
url:	https://asus-my.sharepoint.com/personal/carinacw_li_asus_com/_layouts/15/onedrive.aspx?id=%2fpersonal%2fcarinacw%5fli%5fasus%5fcom%2fdocuments%2fsecurity%2fcase%2d220713%2fasus%20switch%20lpe%2epdf&parent=%2fpersonal%2fcarinacw%5fli%5fasus%5fcom%2fdocuments%2fsecurity%2fcase%2d220713&ga=1	Trust: 0.6
url:	https://cxsecurity.com/cveshow/cve-2022-36438/	Trust: 0.6
url:	https://asus-my.sharepoint.com/personal/carinacw_li_asus_com/_layouts/15/onedrive.aspx?id=%2fpersonal%2fcarinacw%5fli%5fasus%5fcom%2fdocuments%2fsecurity%2fcase%2d220713%2fasus%20switch%20lpe%2epdf&parent=%2fpersonal%2fcarinacw%5fli%5fasus%5fcom%2fdocuments%2fsecurity%2fcase%2d220713&ga=1	Trust: 0.1

sources: VULHUB: VHN-432539 // JVNDB: JVNDB-2022-019448 // CNNVD: CNNVD-202210-1190 // NVD: CVE-2022-36438

SOURCES

db:	VULHUB	id:	VHN-432539
db:	JVNDB	id:	JVNDB-2022-019448
db:	CNNVD	id:	CNNVD-202210-1190
db:	NVD	id:	CVE-2022-36438

LAST UPDATE DATE

2024-08-14T14:02:19.598000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-432539	date:	2022-10-20T00:00:00
db:	JVNDB	id:	JVNDB-2022-019448	date:	2023-10-25T08:14:00
db:	CNNVD	id:	CNNVD-202210-1190	date:	2022-10-21T00:00:00
db:	NVD	id:	CVE-2022-36438	date:	2023-11-07T03:49:38.273

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-432539	date:	2022-10-18T00:00:00
db:	JVNDB	id:	JVNDB-2022-019448	date:	2023-10-25T00:00:00
db:	CNNVD	id:	CNNVD-202210-1190	date:	2022-10-18T00:00:00
db:	NVD	id:	CVE-2022-36438	date:	2022-10-18T12:15:09.420