First published: Tue Oct 18 2022(Updated: )
AsusSoftwareManager.exe in ASUS System Control Interface on ASUS personal computers (running Windows) allows a local user to write into the Temp directory and delete another more privileged file via SYSTEM privileges. This affects ASUS System Control Interface 3 before 3.1.5.0, AsusSoftwareManger.exe before 1.0.53.0, and AsusLiveUpdate.dll before 1.0.45.0.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Asus Asusliveupdate | <1.0.45.0 | |
Asus Asussoftwaremanger | <1.0.53.0 | |
ASUS System Control Interface | >=3.0.0.0<3.1.5.0 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
The vulnerability ID is CVE-2022-36439.
The severity of CVE-2022-36439 is medium (CVSS score 6).
Asus Asusliveupdate 1.0.45.0, Asus Asussoftwaremanger 1.0.53.0, and ASUS System Control Interface 3 before 3.1.5.0 are affected by CVE-2022-36439.
A local user can exploit CVE-2022-36439 by writing into the Temp directory and deleting another more privileged file via SYSTEM privileges.
Yes, a fix is available for CVE-2022-36439. Please refer to the official ASUS website for the latest security updates.