CVE-2020-10649

Published: Mar 25, 2020Modified: Nov 21, 2024

7.8

Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Exploitability: 1.8 / Impact: 5.9

Source: NVD

Description

DevActSvc.exe in ASUS Device Activation before 1.0.7.0 for Windows 10 notebooks and PCs could lead to unsigned code execution with no additional restrictions when a user puts an application at a particular path with a particular file name.

Affected (1)

Products: Asus: Device Activation

Asus

1 product

Device Activation

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Asus Device Activation	Before 1.0.7.0

Running on/with	Platform Versions
Microsoft Windows 10	All versions

Related CWEs

CWE-427

Uncontrolled Search Path Element

The product uses a fixed or controlled search path to find resources, but one or more locations in that path can be under the control of unintended actors.

References (8)

https://drive.google.com/file/d/1Ap293b7bZLen6DmheppR1IUFEAsCSORC/view?usp=sharing

Source: cve@mitre.org

ExploitMailing ListThird Party Advisory

https://www.asus.com/Laptops/ASUS-TUF-Gaming-FX504/HelpDesk_Download/

Source: cve@mitre.org

Vendor Advisory

https://www.asus.com/Static_WebPage/ASUS-Product-Security-Advisory/

Source: cve@mitre.org

Vendor Advisory

https://www.asus.com/support/FAQ/1042640/

Source: cve@mitre.org

Vendor Advisory

https://drive.google.com/file/d/1Ap293b7bZLen6DmheppR1IUFEAsCSORC/view?usp=sharing

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitMailing ListThird Party Advisory

https://www.asus.com/Laptops/ASUS-TUF-Gaming-FX504/HelpDesk_Download/

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

https://www.asus.com/Static_WebPage/ASUS-Product-Security-Advisory/

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

https://www.asus.com/support/FAQ/1042640/

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.