CVE-2024-33220
Published: 22 May 2024
Summary
CVE-2024-33220 is a high-severity Exposed IOCTL with Insufficient Access Control (CWE-782) vulnerability in Asus Ai Suite. Its CVSS base score is 8.8 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068). The CVE is ranked in the top 36.2% of CVEs by exploit likelihood, it is not currently listed in the CISA KEV catalog, and a public proof-of-concept is referenced.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2024-30965
Vulnerability details
An issue in the component AslO3_64.sys of ASUSTeK Computer Inc AISuite3 v3.03.36 allows attackers to escalate privileges and execute arbitrary code by sending crafted IOCTL requests.
Related Threats
MITRE ATT&CK Enterprise Techniques
Why these techniques?
The vulnerability in the AslO3_64.sys driver allows attackers to escalate privileges and execute arbitrary code via crafted IOCTL requests, directly facilitating Exploitation for Privilege Escalation (T1068).
Affected Assets
Mitigating Controls
No mitigating controls mapped yet. The per-CVE control annotator has not reached this CVE.