CVE-2023-26911

EUVD-2023-30703
ASUS SetupAsusServices v1.0.5.1 in Asus Armoury Crate v5.3.4.0 contains an unquoted service path vulnerability which allows local users to launch processes with elevated privileges.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
7.8 HIGH
LOCAL
LOW
NONE
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 6%
Affected Products (NVD)
VendorProductVersion
asusarmoury_crate
𝑥
≤ 5.3.4.0
asussetupasusservices
𝑥
≤ 1.0.5.1
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://asus.com
http://setupasusservices.com
https://irradiate.com.au/blog/CVE-2023-26911
http://asus.com
http://setupasusservices.com
https://irradiate.com.au/blog/CVE-2023-26911