Sign-up

ID

VAR-202302-1223


CVE

CVE-2022-42455


TITLE

ASUSTeK Computer Inc.  of  armoury crate  Vulnerability in

Trust: 0.8

sources: JVNDB: JVNDB-2022-019544

DESCRIPTION

ASUS EC Tool driver (aka d.sys) 1beb15c90dcf7a5234ed077833a0a3e900969b60be1d04fcebce0a9f8994bdbb, as signed by ASUS and shipped with multiple ASUS software products, contains multiple IOCTL handlers that provide raw read and write access to port I/O and MSRs via unprivileged IOCTL calls. Local users can gain privileges. ASUSTeK Computer Inc. of armoury crate Exists in unspecified vulnerabilities.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state

Trust: 1.8

sources: NVD: CVE-2022-42455 // JVNDB: JVNDB-2022-019544 // VULHUB: VHN-439079 // VULMON: CVE-2022-42455

AFFECTED PRODUCTS

vendor:asusmodel:armoury cratescope:ltversion:5.3.4.1

Trust: 1.0

vendor:asustek computermodel:armoury cratescope: - version: -

Trust: 0.8

vendor:asustek computermodel:armoury cratescope:eqversion: -

Trust: 0.8

vendor:asustek computermodel:armoury cratescope:eqversion:5.3.4.1

Trust: 0.8

sources: JVNDB: JVNDB-2022-019544 // NVD: CVE-2022-42455

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2022-42455
value: HIGH

Trust: 1.0

134c704f-9b21-4f2e-91b3-4a467353bcc0: CVE-2022-42455
value: HIGH

Trust: 1.0

NVD: CVE-2022-42455
value: HIGH

Trust: 0.8

CNNVD: CNNVD-202302-1310
value: HIGH

Trust: 0.6

nvd@nist.gov: CVE-2022-42455
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.8
impactScore: 5.9
version: 3.1

Trust: 2.0

NVD: CVE-2022-42455
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: JVNDB: JVNDB-2022-019544 // CNNVD: CNNVD-202302-1310 // NVD: CVE-2022-42455 // NVD: CVE-2022-42455

PROBLEMTYPE DATA

problemtype:NVD-CWE-noinfo

Trust: 1.0

problemtype:CWE-269

Trust: 1.0

problemtype:Lack of information (CWE-noinfo) [NVD evaluation ]

Trust: 0.8

sources: JVNDB: JVNDB-2022-019544 // NVD: CVE-2022-42455

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202302-1310

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202302-1310

PATCH

title:ASUS Armoury Crate Service Security vulnerabilitiesurl:http://123.124.177.30/web/xxk/bdxqById.tag?id=226766

Trust: 0.6

title: - url:https://github.com/Live-Hack-CVE/CVE-2022-42455

Trust: 0.1

sources: VULMON: CVE-2022-42455 // CNNVD: CNNVD-202302-1310

EXTERNAL IDS

db:NVDid:CVE-2022-42455

Trust: 3.4

db:JVNDBid:JVNDB-2022-019544

Trust: 0.8

db:CNNVDid:CNNVD-202302-1310

Trust: 0.6

db:VULHUBid:VHN-439079

Trust: 0.1

db:VULMONid:CVE-2022-42455

Trust: 0.1

sources: VULHUB: VHN-439079 // VULMON: CVE-2022-42455 // JVNDB: JVNDB-2022-019544 // CNNVD: CNNVD-202302-1310 // NVD: CVE-2022-42455

REFERENCES

url:https://github.com/mandiant/vulnerability-disclosures/blob/master/2023/mndt-2023-0003.md

Trust: 2.6

url:https://nvd.nist.gov/vuln/detail/cve-2022-42455

Trust: 0.8

url:https://cxsecurity.com/cveshow/cve-2022-42455/

Trust: 0.6

url:https://github.com/live-hack-cve/cve-2022-42455

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

sources: VULHUB: VHN-439079 // VULMON: CVE-2022-42455 // JVNDB: JVNDB-2022-019544 // CNNVD: CNNVD-202302-1310 // NVD: CVE-2022-42455

SOURCES

db:VULHUBid:VHN-439079
db:VULMONid:CVE-2022-42455
db:JVNDBid:JVNDB-2022-019544
db:CNNVDid:CNNVD-202302-1310
db:NVDid:CVE-2022-42455

LAST UPDATE DATE

2025-03-20T23:14:45.248000+00:00


SOURCES UPDATE DATE

db:VULHUBid:VHN-439079date:2023-02-24T00:00:00
db:VULMONid:CVE-2022-42455date:2023-02-16T00:00:00
db:JVNDBid:JVNDB-2022-019544date:2023-10-26T04:24:00
db:CNNVDid:CNNVD-202302-1310date:2023-02-27T00:00:00
db:NVDid:CVE-2022-42455date:2025-03-19T18:15:17.673

SOURCES RELEASE DATE

db:VULHUBid:VHN-439079date:2023-02-15T00:00:00
db:VULMONid:CVE-2022-42455date:2023-02-15T00:00:00
db:JVNDBid:JVNDB-2022-019544date:2023-10-26T00:00:00
db:CNNVDid:CNNVD-202302-1310date:2023-02-15T00:00:00
db:NVDid:CVE-2022-42455date:2023-02-15T21:15:10.637