Vulnerability Description
ASUS SetupAsusServices v1.0.5.1 in Asus Armoury Crate v5.3.4.0 contains an unquoted service path vulnerability which allows local users to launch processes with elevated privileges.
CVSS Score
7.8
HIGH
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Asus | Armoury Crate | <= 5.3.4.0 |
| Asus | Setupasusservices | <= 1.0.5.1 |
Related Weaknesses (CWE)
References
- http://asus.comProduct
- http://setupasusservices.comProduct
- https://irradiate.com.au/blog/CVE-2023-26911Third Party Advisory
- http://asus.comProduct
- http://setupasusservices.comProduct
- https://irradiate.com.au/blog/CVE-2023-26911Third Party Advisory
FAQ
What is CVE-2023-26911?
CVE-2023-26911 is a vulnerability with a CVSS score of 7.8 (HIGH). ASUS SetupAsusServices v1.0.5.1 in Asus Armoury Crate v5.3.4.0 contains an unquoted service path vulnerability which allows local users to launch processes with elevated privileges.
How severe is CVE-2023-26911?
CVE-2023-26911 has been rated HIGH with a CVSS base score of 7.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2023-26911?
Check the references section above for vendor advisories and patch information. Affected products include: Asus Armoury Crate, Asus Setupasusservices.