Asus control center express 01.06.15 unquoted service path Vulnerability / Exploit

  /     /     /  

Exploits / Vulnerability Discovered : 2024-04-02 | Type : local | Platform : windows


[+] Code ...

# Exploit Title: ASUS Control Center Express 01.06.15 - Unquoted Service Path
Privilege Escalation
# Date: 2024-04-02
# Exploit Author: Alaa Kachouh
# Vendor Homepage:
https://www.asus.com/campaign/ASUS-Control-Center-Express/global/
# Version: Up to 01.06.15
# Tested on: Windows
# CVE: CVE-2024-27673

===================================================================
ASUS Control Center Express Version =< 01.06.15 contains an unquoted
service path which allows attackers to escalate privileges to the system
level.
Assuming attackers have write access to C:\, the attackers can abuse the
Asus service "Apro console service"/apro_console.exe which upon restarting
will invoke C:\Program.exe with SYSTEM privileges.

The binary path of the service alone isn't susceptible, but upon its
initiation, it will execute C:\program.exe as SYSTEM.

Service Name: AProConsoleService
binary impacted: apro_console.exe

# If a malicious payload is inserted into C:\ and service is executed in
any way, this can grant privileged access to the system and perform
malicious activities.