CVE-2019-17603
First published: Tue Jun 02 2020(Updated: )
Ene.sys in Asus Aura Sync through 1.07.71 does not properly validate input to IOCTL 0x80102044, 0x80102050, and 0x80102054, which allows local users to cause a denial of service (system crash) or gain privileges via IOCTL requests using crafted kernel addresses that trigger memory corruption.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Asus Aura Sync | <=1.07.71 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID for this Asus Aura Sync vulnerability?
The vulnerability ID for this Asus Aura Sync vulnerability is CVE-2019-17603.
What is the severity of CVE-2019-17603?
The severity of CVE-2019-17603 is high with a severity value of 7.8.
What is the affected software for CVE-2019-17603?
The affected software for CVE-2019-17603 is Asus Aura Sync version up to and including 1.07.71.
How can a local user exploit CVE-2019-17603?
A local user can exploit CVE-2019-17603 by sending crafted IOCTL requests using kernel addresses to trigger memory corruption, which can cause a denial of service or gain privileges.
Are there any references available for CVE-2019-17603?
Yes, there are references available for CVE-2019-17603. You can find them at the following URLs: <reference_1>, <reference_2>.
- collector/nvd-index
- agent/references
- agent/weakness
- agent/severity
- agent/author
- agent/type
- agent/event
- agent/description
- agent/last-modified-date
- agent/tags
- agent/first-publish-date
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- vendor/asus
- canonical/asus aura sync
- version/asus aura sync/1.07.71