CVE-2024-55408

CWE-862 — Missing Authorization3 documents3 sources

Severity

5.1MEDIUM

EPSS

0.1%

top 68.55%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Asus Asci

Timeline

PublishedJan 6

Description

An improper access control vulnerability in the AsusSAIO.sys driver may lead to the misuse of software functionality utilizing the driver when crafted IOCTL requests are supplied.

CVSS vector

CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N

Affected Packages1 packages

▶CVEListV5asus/ascibefore 1.0.30.0, before 3.1.41.0+1

🔴Vulnerability Details

CVEList

CVE-2024-55408: An improper access control vulnerability in the AsusSAIO↗2025-01-06

▶

GHSA

GHSA-f48j-vwm8-858j: An issue in the AsusSAIO↗2025-01-06

▶