Find a vulnerability
Search criteria
ⓘ
Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.
8 vulnerabilities found for System Control Interface by ASUS
CVE-2026-15030 (GCVE-0-2026-15030)
Vulnerability from nvd – Published: 2026-07-15 02:01 – Updated: 2026-07-15 02:01- CWE-125 - Out-of-bounds Read
| Vendor | Product | Version | |
|---|---|---|---|
| ASUS | System Control Interface v3 |
Affected:
0 , < v3.1.65.0
(custom)
|
|
| ASUS | System Control Interface |
Affected:
0 , < v1.1.40.0
(custom)
|
|
| ASUS | Business Manager |
Affected:
0 , ≤ v3.0.38.0
(custom)
|
{
"containers": {
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "System Control Interface v3",
"vendor": "ASUS",
"versions": [
{
"lessThan": "v3.1.65.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "System Control Interface",
"vendor": "ASUS",
"versions": [
{
"lessThan": "v1.1.40.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Business Manager",
"vendor": "ASUS",
"versions": [
{
"lessThanOrEqual": "v3.0.38.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:asus:system_control_interface_v3:*:*:*:*:*:*:*:*",
"versionEndExcluding": "v3.1.65.0",
"versionStartIncluding": "0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:asus:system_control_interface:*:*:*:*:*:*:*:*",
"versionEndExcluding": "v1.1.40.0",
"versionStartIncluding": "0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:asus:business_manager:*:*:*:*:*:*:*:*",
"versionEndIncluding": "v3.0.38.0",
"versionStartIncluding": "0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "OR"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Out-of-bounds Read in ASUS System Control Interface v3, ASUS System Control Interface, and ASUS Business Manager allows a local administrator to read memory regions beyond the intended firmware boundary by supplying a crafted IOCTL request that bypasses the validation.\u003cbr\u003eRefer to the \u0027\u0026nbsp;Security Update for ASUS System Control Interface\u0026nbsp;\u0026nbsp;\u0027 section on the ASUS Security Advisory for more information."
}
],
"value": "Out-of-bounds Read in ASUS System Control Interface v3, ASUS System Control Interface, and ASUS Business Manager allows a local administrator to read memory regions beyond the intended firmware boundary by supplying a crafted IOCTL request that bypasses the validation.\nRefer to the \u0027\u00a0Security Update for ASUS System Control Interface\u00a0\u00a0\u0027 section on the ASUS Security Advisory for more information."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "HIGH",
"attackRequirements": "NONE",
"attackVector": "LOCAL",
"baseScore": 5.6,
"baseSeverity": "MEDIUM",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "HIGH",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:L/AC:H/AT:N/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-125",
"description": "CWE-125: Out-of-bounds Read",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-07-15T02:01:24.038Z",
"orgId": "54bf65a7-a193-42d2-b1ba-8e150d3c35e1",
"shortName": "ASUS"
},
"references": [
{
"url": "https://www.asus.com/security-advisory"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 1.0.2"
}
}
},
"cveMetadata": {
"assignerOrgId": "54bf65a7-a193-42d2-b1ba-8e150d3c35e1",
"assignerShortName": "ASUS",
"cveId": "CVE-2026-15030",
"datePublished": "2026-07-15T02:01:24.038Z",
"dateReserved": "2026-07-08T07:18:46.459Z",
"dateUpdated": "2026-07-15T02:01:24.038Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-15029 (GCVE-0-2026-15029)
Vulnerability from nvd – Published: 2026-07-15 02:01 – Updated: 2026-07-15 02:01- CWE-822 - Untrusted Pointer Dereference
| Vendor | Product | Version | |
|---|---|---|---|
| ASUS | System Control Interface v3 |
Affected:
0 , < v3.1.65.0
(custom)
|
|
| ASUS | System Control Interface |
Affected:
0 , < v1.1.40.0
(custom)
|
|
| ASUS | Business Manager |
Affected:
0 , ≤ v3.0.38.0
(custom)
|
{
"containers": {
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "System Control Interface v3",
"vendor": "ASUS",
"versions": [
{
"lessThan": "v3.1.65.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "System Control Interface",
"vendor": "ASUS",
"versions": [
{
"lessThan": "v1.1.40.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Business Manager",
"vendor": "ASUS",
"versions": [
{
"lessThanOrEqual": "v3.0.38.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:asus:system_control_interface_v3:*:*:*:*:*:*:*:*",
"versionEndExcluding": "v3.1.65.0",
"versionStartIncluding": "0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:asus:system_control_interface:*:*:*:*:*:*:*:*",
"versionEndExcluding": "v1.1.40.0",
"versionStartIncluding": "0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:asus:business_manager:*:*:*:*:*:*:*:*",
"versionEndIncluding": "v3.0.38.0",
"versionStartIncluding": "0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "OR"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Untrusted Pointer Dereference in ASUS System Control Interface v3, ASUS System Control Interface, and ASUS Business Manager allows a local administrator to perform arbitrary physical memory read and write operations via crafted IOCTL requests to the driver, bypassing OS-enforced memory protections.\u003cbr\u003eRefer to the \u0027\u0026nbsp;\nSecurity Update for ASUS System Control Interface\u0026nbsp;\u0026nbsp;\u0027 section on the ASUS Security Advisory for more information."
}
],
"value": "Untrusted Pointer Dereference in ASUS System Control Interface v3, ASUS System Control Interface, and ASUS Business Manager allows a local administrator to perform arbitrary physical memory read and write operations via crafted IOCTL requests to the driver, bypassing OS-enforced memory protections.\nRefer to the \u0027\u00a0\nSecurity Update for ASUS System Control Interface\u00a0\u00a0\u0027 section on the ASUS Security Advisory for more information."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "LOCAL",
"baseScore": 8.4,
"baseSeverity": "HIGH",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "HIGH",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-822",
"description": "CWE-822: Untrusted Pointer Dereference",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-07-15T02:01:33.203Z",
"orgId": "54bf65a7-a193-42d2-b1ba-8e150d3c35e1",
"shortName": "ASUS"
},
"references": [
{
"url": "https://www.asus.com/security-advisory"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 1.0.2"
}
}
},
"cveMetadata": {
"assignerOrgId": "54bf65a7-a193-42d2-b1ba-8e150d3c35e1",
"assignerShortName": "ASUS",
"cveId": "CVE-2026-15029",
"datePublished": "2026-07-15T02:01:33.203Z",
"dateReserved": "2026-07-08T07:18:44.846Z",
"dateUpdated": "2026-07-15T02:01:33.203Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-13585 (GCVE-0-2026-13585)
Vulnerability from nvd – Published: 2026-07-15 02:01 – Updated: 2026-07-15 02:01| Vendor | Product | Version | |
|---|---|---|---|
| ASUS | System Control Interface v3 |
Affected:
0 , < v3.1.66.0
(custom)
|
|
| ASUS | System Control Interface |
Affected:
0 , < v1.1.40.0
(custom)
|
|
| ASUS | Business Manager |
Affected:
0 , ≤ v3.0.38.0
(custom)
|
{
"containers": {
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "System Control Interface v3",
"vendor": "ASUS",
"versions": [
{
"lessThan": "v3.1.66.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "System Control Interface",
"vendor": "ASUS",
"versions": [
{
"lessThan": "v1.1.40.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Business Manager",
"vendor": "ASUS",
"versions": [
{
"lessThanOrEqual": "v3.0.38.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:asus:system_control_interface_v3:*:*:*:*:*:*:*:*",
"versionEndExcluding": "v3.1.66.0",
"versionStartIncluding": "0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:asus:system_control_interface:*:*:*:*:*:*:*:*",
"versionEndExcluding": "v1.1.40.0",
"versionStartIncluding": "0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:asus:business_manager:*:*:*:*:*:*:*:*",
"versionEndIncluding": "v3.0.38.0",
"versionStartIncluding": "0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "OR"
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Rehman Ahmadzai"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Allocation of Resources Without Limits and Throttling and Sensitive Information in Resource Not Removed Before Reuse in the ASUS System Control Interface driver and ASUS Business Manager allow a local administrator to disclose sensitive information via crafted IOCTL requests, which, in severe cases, may lead to a Denial of Service (DoS) on the system.\u003cbr\u003eRefer to the \u0027\u0026nbsp;\nSecurity Update for ASUS System Control Interface\u0026nbsp;\u0026nbsp;\u0027 section on the ASUS Security Advisory for more information."
}
],
"value": "Allocation of Resources Without Limits and Throttling and Sensitive Information in Resource Not Removed Before Reuse in the ASUS System Control Interface driver and ASUS Business Manager allow a local administrator to disclose sensitive information via crafted IOCTL requests, which, in severe cases, may lead to a Denial of Service (DoS) on the system.\nRefer to the \u0027\u00a0\nSecurity Update for ASUS System Control Interface\u00a0\u00a0\u0027 section on the ASUS Security Advisory for more information."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "LOCAL",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "HIGH",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "HIGH",
"subConfidentialityImpact": "HIGH",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:H/SC:H/SI:N/SA:H",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-770",
"description": "CWE-770: Allocation of Resources Without Limits or Throttling",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-226",
"description": "CWE-226: Sensitive Information in Resource Not Removed Before Reuse",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-07-15T02:01:10.343Z",
"orgId": "54bf65a7-a193-42d2-b1ba-8e150d3c35e1",
"shortName": "ASUS"
},
"references": [
{
"url": "https://www.asus.com/security-advisory/"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 1.0.2"
}
}
},
"cveMetadata": {
"assignerOrgId": "54bf65a7-a193-42d2-b1ba-8e150d3c35e1",
"assignerShortName": "ASUS",
"cveId": "CVE-2026-13585",
"datePublished": "2026-07-15T02:01:10.343Z",
"dateReserved": "2026-06-29T00:35:42.676Z",
"dateUpdated": "2026-07-15T02:01:10.343Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-15029 (GCVE-0-2026-15029)
Vulnerability from cvelistv5 – Published: 2026-07-15 02:01 – Updated: 2026-07-15 02:01- CWE-822 - Untrusted Pointer Dereference
| Vendor | Product | Version | |
|---|---|---|---|
| ASUS | System Control Interface v3 |
Affected:
0 , < v3.1.65.0
(custom)
|
|
| ASUS | System Control Interface |
Affected:
0 , < v1.1.40.0
(custom)
|
|
| ASUS | Business Manager |
Affected:
0 , ≤ v3.0.38.0
(custom)
|
{
"containers": {
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "System Control Interface v3",
"vendor": "ASUS",
"versions": [
{
"lessThan": "v3.1.65.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "System Control Interface",
"vendor": "ASUS",
"versions": [
{
"lessThan": "v1.1.40.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Business Manager",
"vendor": "ASUS",
"versions": [
{
"lessThanOrEqual": "v3.0.38.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:asus:system_control_interface_v3:*:*:*:*:*:*:*:*",
"versionEndExcluding": "v3.1.65.0",
"versionStartIncluding": "0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:asus:system_control_interface:*:*:*:*:*:*:*:*",
"versionEndExcluding": "v1.1.40.0",
"versionStartIncluding": "0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:asus:business_manager:*:*:*:*:*:*:*:*",
"versionEndIncluding": "v3.0.38.0",
"versionStartIncluding": "0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "OR"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Untrusted Pointer Dereference in ASUS System Control Interface v3, ASUS System Control Interface, and ASUS Business Manager allows a local administrator to perform arbitrary physical memory read and write operations via crafted IOCTL requests to the driver, bypassing OS-enforced memory protections.\u003cbr\u003eRefer to the \u0027\u0026nbsp;\nSecurity Update for ASUS System Control Interface\u0026nbsp;\u0026nbsp;\u0027 section on the ASUS Security Advisory for more information."
}
],
"value": "Untrusted Pointer Dereference in ASUS System Control Interface v3, ASUS System Control Interface, and ASUS Business Manager allows a local administrator to perform arbitrary physical memory read and write operations via crafted IOCTL requests to the driver, bypassing OS-enforced memory protections.\nRefer to the \u0027\u00a0\nSecurity Update for ASUS System Control Interface\u00a0\u00a0\u0027 section on the ASUS Security Advisory for more information."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "LOCAL",
"baseScore": 8.4,
"baseSeverity": "HIGH",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "HIGH",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-822",
"description": "CWE-822: Untrusted Pointer Dereference",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-07-15T02:01:33.203Z",
"orgId": "54bf65a7-a193-42d2-b1ba-8e150d3c35e1",
"shortName": "ASUS"
},
"references": [
{
"url": "https://www.asus.com/security-advisory"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 1.0.2"
}
}
},
"cveMetadata": {
"assignerOrgId": "54bf65a7-a193-42d2-b1ba-8e150d3c35e1",
"assignerShortName": "ASUS",
"cveId": "CVE-2026-15029",
"datePublished": "2026-07-15T02:01:33.203Z",
"dateReserved": "2026-07-08T07:18:44.846Z",
"dateUpdated": "2026-07-15T02:01:33.203Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-15030 (GCVE-0-2026-15030)
Vulnerability from cvelistv5 – Published: 2026-07-15 02:01 – Updated: 2026-07-15 02:01- CWE-125 - Out-of-bounds Read
| Vendor | Product | Version | |
|---|---|---|---|
| ASUS | System Control Interface v3 |
Affected:
0 , < v3.1.65.0
(custom)
|
|
| ASUS | System Control Interface |
Affected:
0 , < v1.1.40.0
(custom)
|
|
| ASUS | Business Manager |
Affected:
0 , ≤ v3.0.38.0
(custom)
|
{
"containers": {
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "System Control Interface v3",
"vendor": "ASUS",
"versions": [
{
"lessThan": "v3.1.65.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "System Control Interface",
"vendor": "ASUS",
"versions": [
{
"lessThan": "v1.1.40.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Business Manager",
"vendor": "ASUS",
"versions": [
{
"lessThanOrEqual": "v3.0.38.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:asus:system_control_interface_v3:*:*:*:*:*:*:*:*",
"versionEndExcluding": "v3.1.65.0",
"versionStartIncluding": "0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:asus:system_control_interface:*:*:*:*:*:*:*:*",
"versionEndExcluding": "v1.1.40.0",
"versionStartIncluding": "0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:asus:business_manager:*:*:*:*:*:*:*:*",
"versionEndIncluding": "v3.0.38.0",
"versionStartIncluding": "0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "OR"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Out-of-bounds Read in ASUS System Control Interface v3, ASUS System Control Interface, and ASUS Business Manager allows a local administrator to read memory regions beyond the intended firmware boundary by supplying a crafted IOCTL request that bypasses the validation.\u003cbr\u003eRefer to the \u0027\u0026nbsp;Security Update for ASUS System Control Interface\u0026nbsp;\u0026nbsp;\u0027 section on the ASUS Security Advisory for more information."
}
],
"value": "Out-of-bounds Read in ASUS System Control Interface v3, ASUS System Control Interface, and ASUS Business Manager allows a local administrator to read memory regions beyond the intended firmware boundary by supplying a crafted IOCTL request that bypasses the validation.\nRefer to the \u0027\u00a0Security Update for ASUS System Control Interface\u00a0\u00a0\u0027 section on the ASUS Security Advisory for more information."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "HIGH",
"attackRequirements": "NONE",
"attackVector": "LOCAL",
"baseScore": 5.6,
"baseSeverity": "MEDIUM",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "HIGH",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:L/AC:H/AT:N/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-125",
"description": "CWE-125: Out-of-bounds Read",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-07-15T02:01:24.038Z",
"orgId": "54bf65a7-a193-42d2-b1ba-8e150d3c35e1",
"shortName": "ASUS"
},
"references": [
{
"url": "https://www.asus.com/security-advisory"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 1.0.2"
}
}
},
"cveMetadata": {
"assignerOrgId": "54bf65a7-a193-42d2-b1ba-8e150d3c35e1",
"assignerShortName": "ASUS",
"cveId": "CVE-2026-15030",
"datePublished": "2026-07-15T02:01:24.038Z",
"dateReserved": "2026-07-08T07:18:46.459Z",
"dateUpdated": "2026-07-15T02:01:24.038Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-13585 (GCVE-0-2026-13585)
Vulnerability from cvelistv5 – Published: 2026-07-15 02:01 – Updated: 2026-07-15 02:01| Vendor | Product | Version | |
|---|---|---|---|
| ASUS | System Control Interface v3 |
Affected:
0 , < v3.1.66.0
(custom)
|
|
| ASUS | System Control Interface |
Affected:
0 , < v1.1.40.0
(custom)
|
|
| ASUS | Business Manager |
Affected:
0 , ≤ v3.0.38.0
(custom)
|
{
"containers": {
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "System Control Interface v3",
"vendor": "ASUS",
"versions": [
{
"lessThan": "v3.1.66.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "System Control Interface",
"vendor": "ASUS",
"versions": [
{
"lessThan": "v1.1.40.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Business Manager",
"vendor": "ASUS",
"versions": [
{
"lessThanOrEqual": "v3.0.38.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:asus:system_control_interface_v3:*:*:*:*:*:*:*:*",
"versionEndExcluding": "v3.1.66.0",
"versionStartIncluding": "0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:asus:system_control_interface:*:*:*:*:*:*:*:*",
"versionEndExcluding": "v1.1.40.0",
"versionStartIncluding": "0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:asus:business_manager:*:*:*:*:*:*:*:*",
"versionEndIncluding": "v3.0.38.0",
"versionStartIncluding": "0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "OR"
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Rehman Ahmadzai"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Allocation of Resources Without Limits and Throttling and Sensitive Information in Resource Not Removed Before Reuse in the ASUS System Control Interface driver and ASUS Business Manager allow a local administrator to disclose sensitive information via crafted IOCTL requests, which, in severe cases, may lead to a Denial of Service (DoS) on the system.\u003cbr\u003eRefer to the \u0027\u0026nbsp;\nSecurity Update for ASUS System Control Interface\u0026nbsp;\u0026nbsp;\u0027 section on the ASUS Security Advisory for more information."
}
],
"value": "Allocation of Resources Without Limits and Throttling and Sensitive Information in Resource Not Removed Before Reuse in the ASUS System Control Interface driver and ASUS Business Manager allow a local administrator to disclose sensitive information via crafted IOCTL requests, which, in severe cases, may lead to a Denial of Service (DoS) on the system.\nRefer to the \u0027\u00a0\nSecurity Update for ASUS System Control Interface\u00a0\u00a0\u0027 section on the ASUS Security Advisory for more information."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "LOCAL",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "HIGH",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "HIGH",
"subConfidentialityImpact": "HIGH",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:H/SC:H/SI:N/SA:H",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-770",
"description": "CWE-770: Allocation of Resources Without Limits or Throttling",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-226",
"description": "CWE-226: Sensitive Information in Resource Not Removed Before Reuse",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-07-15T02:01:10.343Z",
"orgId": "54bf65a7-a193-42d2-b1ba-8e150d3c35e1",
"shortName": "ASUS"
},
"references": [
{
"url": "https://www.asus.com/security-advisory/"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 1.0.2"
}
}
},
"cveMetadata": {
"assignerOrgId": "54bf65a7-a193-42d2-b1ba-8e150d3c35e1",
"assignerShortName": "ASUS",
"cveId": "CVE-2026-13585",
"datePublished": "2026-07-15T02:01:10.343Z",
"dateReserved": "2026-06-29T00:35:42.676Z",
"dateUpdated": "2026-07-15T02:01:10.343Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
VAR-202210-1645
Vulnerability from variot - Updated: 2023-12-18 14:03AsusSoftwareManager.exe in ASUS System Control Interface on ASUS personal computers (running Windows) allows a local user to write into the Temp directory and delete another more privileged file via SYSTEM privileges. This affects ASUS System Control Interface 3 before 3.1.5.0, AsusSoftwareManger.exe before 1.0.53.0, and AsusLiveUpdate.dll before 1.0.45.0. ASUSTeK Computer Inc. of asusliveupdate , asussoftwaremanger , system control interface Exists in unspecified vulnerabilities.Information is tampered with and service operation is interrupted (DoS) It may be in a state
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202210-1645",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "system control interface",
"scope": "lt",
"trust": 1.0,
"vendor": "asus",
"version": "3.1.5.0"
},
{
"model": "asussoftwaremanger",
"scope": "lt",
"trust": 1.0,
"vendor": "asus",
"version": "1.0.53.0"
},
{
"model": "asusliveupdate",
"scope": "lt",
"trust": 1.0,
"vendor": "asus",
"version": "1.0.45.0"
},
{
"model": "system control interface",
"scope": "gte",
"trust": 1.0,
"vendor": "asus",
"version": "3.0.0.0"
},
{
"model": "asussoftwaremanger",
"scope": null,
"trust": 0.8,
"vendor": "asustek computer",
"version": null
},
{
"model": "system control interface",
"scope": null,
"trust": 0.8,
"vendor": "asustek computer",
"version": null
},
{
"model": "asusliveupdate",
"scope": null,
"trust": 0.8,
"vendor": "asustek computer",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-019447"
},
{
"db": "NVD",
"id": "CVE-2022-36439"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:asus:system_control_interface:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "3.1.5.0",
"versionStartIncluding": "3.0.0.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:asus:asusliveupdate:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "1.0.45.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:asus:asussoftwaremanger:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "1.0.53.0",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2022-36439"
}
]
},
"cve": "CVE-2022-36439",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 6.0,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"exploitabilityScore": 0.8,
"impactScore": 5.2,
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Local",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 6.0,
"baseSeverity": "Medium",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2022-36439",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "High",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2022-36439",
"trust": 1.8,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-202210-1188",
"trust": 0.6,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-019447"
},
{
"db": "NVD",
"id": "CVE-2022-36439"
},
{
"db": "CNNVD",
"id": "CNNVD-202210-1188"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "AsusSoftwareManager.exe in ASUS System Control Interface on ASUS personal computers (running Windows) allows a local user to write into the Temp directory and delete another more privileged file via SYSTEM privileges. This affects ASUS System Control Interface 3 before 3.1.5.0, AsusSoftwareManger.exe before 1.0.53.0, and AsusLiveUpdate.dll before 1.0.45.0. ASUSTeK Computer Inc. of asusliveupdate , asussoftwaremanger , system control interface Exists in unspecified vulnerabilities.Information is tampered with and service operation is interrupted (DoS) It may be in a state",
"sources": [
{
"db": "NVD",
"id": "CVE-2022-36439"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-019447"
},
{
"db": "VULHUB",
"id": "VHN-432540"
}
],
"trust": 1.71
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2022-36439",
"trust": 3.3
},
{
"db": "JVNDB",
"id": "JVNDB-2022-019447",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-202210-1188",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-432540",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-432540"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-019447"
},
{
"db": "NVD",
"id": "CVE-2022-36439"
},
{
"db": "CNNVD",
"id": "CNNVD-202210-1188"
}
]
},
"id": "VAR-202210-1645",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-432540"
}
],
"trust": 0.01
},
"last_update_date": "2023-12-18T14:03:41.870000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "ASUS System Control Interface Security vulnerabilities",
"trust": 0.6,
"url": "http://123.124.177.30/web/xxk/bdxqbyid.tag?id=211489"
}
],
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202210-1188"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-noinfo",
"trust": 1.0
},
{
"problemtype": "Lack of information (CWE-noinfo) [NVD evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-019447"
},
{
"db": "NVD",
"id": "CVE-2022-36439"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.5,
"url": "https://asus.com"
},
{
"trust": 1.0,
"url": "https://asus-my.sharepoint.com/personal/carinacw_li_asus_com/_layouts/15/onedrive.aspx?id=%2fpersonal%2fcarinacw_li_asus_com%2fdocuments%2fsecurity%2fcase-220713%2fasus%20arbitary%20file%20deletion.pdf\u0026parent=%2fpersonal%2fcarinacw_li_asus_com%2fdocuments%2fsecurity%2fcase-220713\u0026ga=1"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-36439"
},
{
"trust": 0.6,
"url": "https://asus-my.sharepoint.com/personal/carinacw_li_asus_com/_layouts/15/onedrive.aspx?id=%2fpersonal%2fcarinacw%5fli%5fasus%5fcom%2fdocuments%2fsecurity%2fcase%2d220713%2fasus%20arbitary%20file%20deletion%2epdf\u0026parent=%2fpersonal%2fcarinacw%5fli%5fasus%5fcom%2fdocuments%2fsecurity%2fcase%2d220713\u0026ga=1"
},
{
"trust": 0.6,
"url": "https://cxsecurity.com/cveshow/cve-2022-36439/"
},
{
"trust": 0.1,
"url": "https://asus-my.sharepoint.com/personal/carinacw_li_asus_com/_layouts/15/onedrive.aspx?id=%2fpersonal%2fcarinacw%5fli%5fasus%5fcom%2fdocuments%2fsecurity%2fcase%2d220713%2fasus%20arbitary%20file%20deletion%2epdf\u0026amp;parent=%2fpersonal%2fcarinacw%5fli%5fasus%5fcom%2fdocuments%2fsecurity%2fcase%2d220713\u0026amp;ga=1"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-432540"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-019447"
},
{
"db": "NVD",
"id": "CVE-2022-36439"
},
{
"db": "CNNVD",
"id": "CNNVD-202210-1188"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-432540"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-019447"
},
{
"db": "NVD",
"id": "CVE-2022-36439"
},
{
"db": "CNNVD",
"id": "CNNVD-202210-1188"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-10-18T00:00:00",
"db": "VULHUB",
"id": "VHN-432540"
},
{
"date": "2023-10-25T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2022-019447"
},
{
"date": "2022-10-18T12:15:09.473000",
"db": "NVD",
"id": "CVE-2022-36439"
},
{
"date": "2022-10-18T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202210-1188"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-10-20T00:00:00",
"db": "VULHUB",
"id": "VHN-432540"
},
{
"date": "2023-10-25T08:14:00",
"db": "JVNDB",
"id": "JVNDB-2022-019447"
},
{
"date": "2023-11-07T03:49:38.340000",
"db": "NVD",
"id": "CVE-2022-36439"
},
{
"date": "2022-10-24T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202210-1188"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "local",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202210-1188"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "plural \u00a0ASUSTeK\u00a0Computer\u00a0Inc.\u00a0 Product vulnerabilities",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-019447"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "other",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202210-1188"
}
],
"trust": 0.6
}
}
VAR-202210-1161
Vulnerability from variot - Updated: 2023-12-18 12:25AsusSwitch.exe on ASUS personal computers (running Windows) sets weak file permissions, leading to local privilege escalation (this also can be used to delete files within the system arbitrarily). This affects ASUS System Control Interface 3 before 3.1.5.0, and AsusSwitch.exe before 1.0.10.0. ASUSTeK Computer Inc. of asusswitch and system control interface There is a vulnerability in improper default permissions.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202210-1161",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "system control interface",
"scope": "lt",
"trust": 1.0,
"vendor": "asus",
"version": "3.1.5.0"
},
{
"model": "system control interface",
"scope": "gte",
"trust": 1.0,
"vendor": "asus",
"version": "3.0.0.0"
},
{
"model": "asusswitch",
"scope": "lt",
"trust": 1.0,
"vendor": "asus",
"version": "1.0.10.0"
},
{
"model": "asusswitch",
"scope": null,
"trust": 0.8,
"vendor": "asustek computer",
"version": null
},
{
"model": "system control interface",
"scope": null,
"trust": 0.8,
"vendor": "asustek computer",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-019448"
},
{
"db": "NVD",
"id": "CVE-2022-36438"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:asus:asusswitch:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "1.0.10.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:asus:system_control_interface:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "3.1.5.0",
"versionStartIncluding": "3.0.0.0",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2022-36438"
}
]
},
"cve": "CVE-2022-36438",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Local",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 7.8,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2022-36438",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "Low",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2022-36438",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-202210-1190",
"trust": 0.6,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-019448"
},
{
"db": "NVD",
"id": "CVE-2022-36438"
},
{
"db": "CNNVD",
"id": "CNNVD-202210-1190"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "AsusSwitch.exe on ASUS personal computers (running Windows) sets weak file permissions, leading to local privilege escalation (this also can be used to delete files within the system arbitrarily). This affects ASUS System Control Interface 3 before 3.1.5.0, and AsusSwitch.exe before 1.0.10.0. ASUSTeK Computer Inc. of asusswitch and system control interface There is a vulnerability in improper default permissions.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state",
"sources": [
{
"db": "NVD",
"id": "CVE-2022-36438"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-019448"
},
{
"db": "VULHUB",
"id": "VHN-432539"
}
],
"trust": 1.71
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2022-36438",
"trust": 3.3
},
{
"db": "JVNDB",
"id": "JVNDB-2022-019448",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-202210-1190",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-432539",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-432539"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-019448"
},
{
"db": "NVD",
"id": "CVE-2022-36438"
},
{
"db": "CNNVD",
"id": "CNNVD-202210-1190"
}
]
},
"id": "VAR-202210-1161",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-432539"
}
],
"trust": 0.01
},
"last_update_date": "2023-12-18T12:25:48.149000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "ASUS System Control Interface Security vulnerabilities",
"trust": 0.6,
"url": "http://123.124.177.30/web/xxk/bdxqbyid.tag?id=211491"
}
],
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202210-1190"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-276",
"trust": 1.1
},
{
"problemtype": "Inappropriate default permissions (CWE-276) [NVD evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-432539"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-019448"
},
{
"db": "NVD",
"id": "CVE-2022-36438"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.5,
"url": "https://asus.com"
},
{
"trust": 1.0,
"url": "https://asus-my.sharepoint.com/personal/carinacw_li_asus_com/_layouts/15/onedrive.aspx?id=%2fpersonal%2fcarinacw_li_asus_com%2fdocuments%2fsecurity%2fcase-220713%2fasus%20switch%20lpe.pdf\u0026parent=%2fpersonal%2fcarinacw_li_asus_com%2fdocuments%2fsecurity%2fcase-220713\u0026ga=1"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-36438"
},
{
"trust": 0.6,
"url": "https://asus-my.sharepoint.com/personal/carinacw_li_asus_com/_layouts/15/onedrive.aspx?id=%2fpersonal%2fcarinacw%5fli%5fasus%5fcom%2fdocuments%2fsecurity%2fcase%2d220713%2fasus%20switch%20lpe%2epdf\u0026parent=%2fpersonal%2fcarinacw%5fli%5fasus%5fcom%2fdocuments%2fsecurity%2fcase%2d220713\u0026ga=1"
},
{
"trust": 0.6,
"url": "https://cxsecurity.com/cveshow/cve-2022-36438/"
},
{
"trust": 0.1,
"url": "https://asus-my.sharepoint.com/personal/carinacw_li_asus_com/_layouts/15/onedrive.aspx?id=%2fpersonal%2fcarinacw%5fli%5fasus%5fcom%2fdocuments%2fsecurity%2fcase%2d220713%2fasus%20switch%20lpe%2epdf\u0026amp;parent=%2fpersonal%2fcarinacw%5fli%5fasus%5fcom%2fdocuments%2fsecurity%2fcase%2d220713\u0026amp;ga=1"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-432539"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-019448"
},
{
"db": "NVD",
"id": "CVE-2022-36438"
},
{
"db": "CNNVD",
"id": "CNNVD-202210-1190"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-432539"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-019448"
},
{
"db": "NVD",
"id": "CVE-2022-36438"
},
{
"db": "CNNVD",
"id": "CNNVD-202210-1190"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-10-18T00:00:00",
"db": "VULHUB",
"id": "VHN-432539"
},
{
"date": "2023-10-25T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2022-019448"
},
{
"date": "2022-10-18T12:15:09.420000",
"db": "NVD",
"id": "CVE-2022-36438"
},
{
"date": "2022-10-18T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202210-1190"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-10-20T00:00:00",
"db": "VULHUB",
"id": "VHN-432539"
},
{
"date": "2023-10-25T08:14:00",
"db": "JVNDB",
"id": "JVNDB-2022-019448"
},
{
"date": "2023-11-07T03:49:38.273000",
"db": "NVD",
"id": "CVE-2022-36438"
},
{
"date": "2022-10-21T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202210-1190"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "local",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202210-1190"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "ASUSTeK\u00a0Computer\u00a0Inc.\u00a0 of \u00a0asusswitch\u00a0 and \u00a0system\u00a0control\u00a0interface\u00a0 Vulnerability regarding improper default permissions in",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-019448"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "other",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202210-1190"
}
],
"trust": 0.6
}
}