ASUS DriverHub Insufficient Validation Vulnerability Leading to Origin Validation Bypass and Remote Code Execution
Vulnerability
A vulnerability in ASUS DriverHub, specifically affecting motherboards, allows untrusted sources to manipulate system behavior through crafted HTTP requests. The issue arises from inadequate validation of the request origin, which can be exploited to execute arbitrary code remotely. This vulnerability is not present in laptops, desktop computers, or other endpoints.
Impact
Exploitation of this vulnerability allows for arbitrary remote code execution on the affected system, with the executed code running with administrative privileges.
Reproduction
The vulnerability can be reproduced by sending HTTP requests to the ASUS DriverHub RPC service with a spoofed origin header that bypasses the application's origin validation. Once the request is accepted, the 'UpdateApp' endpoint can be used to download and execute a malicious executable, taking advantage of the application's handling of signed ASUS binaries.
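As an added example (not ASUS's code and not part of the advisory), the sketch below contrasts a loose Origin check with an exact-match check for a local HTTP service. The substring pattern, the host name `updates.vendor.example` and all function names are assumptions for illustration; the page does not state how DriverHub's check was implemented.

```python
from urllib.parse import urlsplit

# Assumption: the single web origin allowed to call the local service (placeholder).
ALLOWED_ORIGINS = {("https", "updates.vendor.example", 443)}
DEFAULT_PORTS = {"https": 443, "http": 80}


def weak_origin_ok(origin):
    """Assumed flawed pattern: trusts any Origin that contains the trusted name."""
    return origin is not None and "updates.vendor.example" in origin


def strict_origin_ok(origin):
    """Parse the Origin and require an exact (scheme, host, port) match; fail closed."""
    if not origin or origin == "null":
        return False
    try:
        parts = urlsplit(origin)
        port = parts.port  # raises ValueError on a malformed port
    except ValueError:
        return False
    # A serialized origin carries no userinfo, path, query or fragment.
    if "@" in parts.netloc or parts.path or parts.query or parts.fragment:
        return False
    if parts.scheme not in DEFAULT_PORTS or not parts.hostname:
        return False
    if port is None:
        port = DEFAULT_PORTS[parts.scheme]
    return (parts.scheme, parts.hostname, port) in ALLOWED_ORIGINS


# Constructed Origin header values for the comparison.
SAMPLES = [
    "https://updates.vendor.example",
    "https://updates.vendor.example.other.test",
    "http://updates.vendor.example",
    "https://updates.vendor.example:8443",
    "null",
    None,
]


def compare(samples=SAMPLES):
    """Return (origin, weak_result, strict_result) for each sample."""
    return [(o, weak_origin_ok(o), strict_origin_ok(o)) for o in samples]


if __name__ == "__main__":
    for origin, weak, strict in compare():
        print(f"{origin!r:50} weak={weak!s:5} strict={strict}")
```

Because any non-browser client can send an arbitrary Origin value, an exact match like this limits which web pages can reach the service but does not by itself authenticate the caller.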
Remediation
ASUS has released a security update for ASUS DriverHub. Users can check the ASUS Product Security Advisory page for more information on the update.
