CVE-2024-33220

Published: May 22, 2024Modified: Apr 18, 2025

8.8

Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Exploitability: 2.8 / Impact: 5.9

Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0 (Secondary)

Description

An issue in the component AslO3_64.sys of ASUSTeK Computer Inc AISuite3 v3.03.36 3.03.36 allows attackers to escalate privileges and execute arbitrary code via sending crafted IOCTL requests.

Affected (1)

Products: Asus: Ai Suite

Asus

1 product

Ai Suite

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Asus Ai Suite	Version 3.03.36

Related CWEs

CWE-782

Exposed IOCTL with Insufficient Access Control

The product implements an IOCTL with functionality that should be restricted, but it does not properly enforce access control for the IOCTL.

References (2)

https://github.com/DriverHunter/Win-Driver-EXP/tree/main/CVE-2024-33220

Source: cve@mitre.org

ExploitThird Party Advisory

https://github.com/DriverHunter/Win-Driver-EXP/tree/main/CVE-2024-33220

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitThird Party Advisory

Timeline

No history available yet.