CVE-2024-55408 MEDIUM

CVE-2024-55408

Vendor Asus
Product ASCI
Weakness CWE-862 · Missing authorization
Published January 6, 2025
Last update February 11, 2025

CVSS base score

5.1/10
Attack vector Local
Attack complexity Low
Privileges required None
User interaction None
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N

What the vulnerability does

01Description

An improper access control vulnerability in the AsusSAIO.sys driver may lead to the misuse of software functionality utilizing the driver when crafted IOCTL requests are supplied.

Key dates

02Disclosure timeline

January 6, 2025 CVE published
February 11, 2025 Record updated