Cyber Resilience

CVE-2024-33220

High · Public PoC

Published: 22 May 2024

Modified: 18 April 2025
CVSS Score v3.1: 8.8 (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
EPSS Score: 0.0044 (63.8th percentile)
Risk Priority: 18 (60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2024-33220 is a high-severity Exposed IOCTL with Insufficient Access Control (CWE-782) vulnerability in Asus Ai Suite. Its CVSS base score is 8.8 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068). The CVE ranks in the top 36.2% of CVEs by exploit likelihood, is not currently listed in the CISA KEV catalog, and has a public proof-of-concept referenced.

Vulnerability details

An issue in the component AslO3_64.sys of ASUSTeK Computer Inc AISuite3 v3.03.36 allows attackers to escalate privileges and execute arbitrary code by sending crafted IOCTL requests.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise Techniques (AI)

T1068 Exploitation for Privilege Escalation (Tactic: Privilege Escalation)
Adversaries may exploit software vulnerabilities in an attempt to elevate privileges.
Why these techniques?

The vulnerability in the AslO3_64.sys driver allows attackers to escalate privileges and execute arbitrary code via crafted IOCTL requests, directly facilitating Exploitation for Privilege Escalation (T1068).

Affected Assets

Vendor: asus
Product: ai suite
Version: 3.03.36

Mitigating Controls

No mitigating controls mapped yet. The per-CVE control annotator has not reached this CVE.
