⚠ Exploited in the wild
Exploitation observed in the wild. Not yet on CISA KEV.

CVE-2018-18537

3 documents3 sources
Severity
5.5MEDIUM
EPSS
0.1%
top 74.74%
CISA KEV
Not in KEV
Exploit
Exploited in wild
Active exploitation observed
Affected products
1
Asus Aura Sync Firmware
Timeline
PublishedDec 26
Latest updateMay 13

Description

The GLCKIo low-level driver in ASUS Aura Sync v1.07.22 and earlier exposes a path to write an arbitrary DWORD to an arbitrary address.

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:NExploitability: 1.8 | Impact: 3.6

Affected Packages1 packages

🔴Vulnerability Details

2
GHSA
GHSA-7qmc-mwv7-pcgv: The GLCKIo low-level driver in ASUS Aura Sync v12022-05-13
CVEList
CVE-2018-18537: The GLCKIo low-level driver in ASUS Aura Sync v12018-12-26
CVE-2018-18537 (MEDIUM CVSS 5.5) | The GLCKIo low-level driver in ASUS | cvebase.io