CVE-2022-35899

HIGH

ASUSTeK Aura Ready Game SDK <1.0.0.4 - Privilege Escalation

Title source: llm

Description

There is an unquoted service path in ASUSTeK Aura Ready Game SDK service (GameSDK.exe) 1.0.0.4. This might allow a local user to escalate privileges by creating a %PROGRAMFILES(X86)%\ASUS\GameSDK.exe file.

Exploits (2)

exploitdb WRITEUP

by Angelo Pio Amirante · textlocalwindows

https://www.exploit-db.com/exploits/50985

View Code ZIP pw:eip

nomisec WRITEUP

by angelopioamirante · poc

https://github.com/angelopioamirante/CVE-2022-35899

View Code ZIP pw:eip

References (3)

[Exploit, Third Party Advisory] https://github.com/AngeloPioAmirante/CVE-2022-35899

[Exploit, Third Party Advisory, VDB Entry] https://packetstormsecurity.com/files/167763/Asus-GameSDK-1.0.0.4-Unquoted-Service-Path.html

[Exploit, Third Party Advisory, VDB Entry] https://www.exploit-db.com/exploits/50985

Scores

CVSS v3 7.8

EPSS 0.0019

EPSS Percentile 41.2%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Details

CWE

CWE-428

Status published

Products (1)

asus/aura_ready_game_software_development_kit 1.0.0.4

Published Jul 21, 2022

Tracked Since Feb 18, 2026