cve,link,title,description,vendor,products,score,severity,epss,cisa,article,ransomware,exploited,poc,trended,trended_no_1,published,trended_score
CVE-2023-5716,https://securityvulnerability.io/vulnerability/CVE-2023-5716,ASUS Armoury Crate - Arbitrary File Write,"ASUS Armoury Crate is susceptible to an arbitrary file write vulnerability that permits remote attackers to upload or modify files on affected systems without adequate permissions. This vulnerability can be exploited by sending specially crafted HTTP requests, leading to unauthorized access to sensitive files. The potential impact of this vulnerability underscores the necessity for users to monitor their systems for exploitation attempts and apply recommended security updates promptly.",Asus,Armoury Crate,9.8,CRITICAL,0.001560000004246831,false,false,false,false,,false,false,2024-01-19T03:07:46.663Z,0
CVE-2023-26911,https://securityvulnerability.io/vulnerability/CVE-2023-26911,Unquoted Service Path Vulnerability in Asus Armoury Crate,"ASUS Armoury Crate versions include an unquoted service path vulnerability in SetupAsusServices that enables local users to execute processes with elevated privileges. This configuration flaw can be exploited to gain unauthorized control over the affected system, presenting a significant risk to data integrity and security. It is essential for users to implement the latest updates and monitor for unauthorized changes to service configurations.",Asus,"Armoury Crate,Setupasusservices",7.8,HIGH,0.0006200000061653554,false,false,false,false,,false,false,2023-07-26T00:00:00.000Z,0
CVE-2022-42455,https://securityvulnerability.io/vulnerability/CVE-2022-42455,Privilege Escalation Vulnerability in ASUS EC Tool Driver,"The ASUS EC Tool driver, specifically version 1beb15c90dcf7a5234ed077833a0a3e900969b60be1d04fcebce0a9f8994bdbb, features multiple IOCTL handlers that enable local users to execute unprivileged IOCTL calls providing raw access to port I/O and model-specific registers (MSRs). This vulnerability allows local users to escalate their privileges, potentially compromising system security.",Asus,Armoury Crate,7.8,HIGH,0.0004199999966658652,false,false,false,false,,false,false,2023-02-15T00:00:00.000Z,0
CVE-2022-38699,https://securityvulnerability.io/vulnerability/CVE-2022-38699,ASUS Armoury Crate Service - Arbitrary File Creation via Elevation of Privilege Flaw,"Armoury Crate Service’s logging function has insufficient validation to check if the log file is a symbolic link. A physical attacker with general user privilege can modify the log file property to a symbolic link that points to arbitrary system file, causing the logging function to overwrite the system file and disrupt the system.",Asus,Armoury Crate Service,5.9,MEDIUM,0.0004400000034365803,false,false,false,false,,false,false,2022-09-28T04:15:00.000Z,0
CVE-2022-22262,https://securityvulnerability.io/vulnerability/CVE-2022-22262,ASUS Armoury Crate & Aura Creator Installer之ROG Live Service - Improper Link Resolution Before File Access,"ROG Live Service’s function for deleting temp files created by installation has an improper link resolution before file access vulnerability. Since this function does not validate the path before deletion, an unauthenticated local attacker can create an unexpected symbolic link to system file path, to delete arbitrary system files and disrupt system service.",Asus,Armoury Crate & Aura Creator Installer (rog Live Service),7.7,HIGH,0.0006000000284984708,false,false,false,false,,false,false,2022-01-31T00:00:00.000Z,0
CVE-2021-40981,https://securityvulnerability.io/vulnerability/CVE-2021-40981,,ASUS ROG Armoury Crate Lite before 4.2.10 allows local users to gain privileges by placing a Trojan horse file in the publicly writable %PROGRAMDATA%\ASUS\GamingCenterLib directory.,Asus,Armoury Crate Lite Service,7.3,HIGH,0.0004199999966658652,false,false,false,false,,false,false,2021-09-27T05:43:59.000Z,0