ASUS DriverHub Origin Validation Vulnerability Allowing Unauthorized HTTP Request Interaction

Vulnerability

A vulnerability exists in ASUS DriverHub on motherboards, caused by inadequate validation of HTTP request origins. The flaw lets unauthorized sources interact with the software's functionality by sending crafted HTTP requests. The issue does not affect laptops, desktop computers, or other endpoints. Exploitation could lead to unauthorized actions within the DriverHub application, which manages driver installations and updates.

Impact

Successful exploitation allows for remote code execution on the affected system, with the executed code running with administrative privileges.

Reproduction

The vulnerability can be reproduced by sending HTTP requests to the ASUS DriverHub RPC service on the local machine. The Origin header must be set to a subdomain of 'driverhub.asus.com' to bypass the origin check. Once the request is accepted, the 'UpdateApp' endpoint can be used to download and execute malicious payloads, taking advantage of the application's handling of signed executables.
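For developers of similar local RPC services, the following added example (not ASUS's code and not part of the original advisory) contrasts an inadequate origin check with a strict one and lists the header values on which they disagree. The loose suffix match, the allow-listed origin and the sample header values are assumptions constructed for illustration.

```python
from urllib.parse import urlsplit

# Assumption: the single origin the local service is meant to trust.
ALLOWED = {("https", "driverhub.asus.com", 443)}
DEFAULT_PORTS = {"https": 443, "http": 80}

def loose_origin_ok(origin):
    """Constructed inadequate check: suffix match on the raw header value."""
    return bool(origin) and origin.lower().endswith("driverhub.asus.com")

def strict_origin_ok(origin):
    """Parse the header and require an exact (scheme, host, port) match."""
    if not origin or origin == "null":
        return False
    try:
        parts = urlsplit(origin)
        port = parts.port
    except ValueError:  # malformed host or port
        return False
    if port is None:
        port = DEFAULT_PORTS.get(parts.scheme)
    # A browser-sent Origin is scheme://host[:port] with nothing else.
    if parts.path or parts.query or parts.fragment or "@" in parts.netloc:
        return False
    return (parts.scheme, parts.hostname, port) in ALLOWED

def disagreements(origins):
    """Header values the loose check accepts but the strict check rejects."""
    return [o for o in origins if loose_origin_ok(o) and not strict_origin_ok(o)]

# Constructed sample header values (not taken from real traffic).
SAMPLES = [
    "https://driverhub.asus.com",
    "https://sub.driverhub.asus.com",
    "http://driverhub.asus.com",
    "https://driverhub.asus.com:8443",
    "null",
]

if __name__ == "__main__":
    for o in SAMPLES:
        print(f"{o!r:40} loose={loose_origin_ok(o)} strict={strict_origin_ok(o)}")
```

Running `disagreements` over Origin values recorded in a service's request log gives a quick list of requests that a loose check would have let through.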

Remediation

ASUS has released a security update for ASUS DriverHub. Users should check the ASUS Product Security Advisory page for the latest update information.

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 10.0
exploitability: 8.7
remediation: 0.0
relevance: 0.0
threat: 6.4
urgency: 2.9
incentive: 5.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.