CVE-2022-22814

9.8 CRITICAL

📋 TL;DR

CVE-2022-22814 is a privilege escalation vulnerability in the MyASUS System Diagnosis service. It allows local attackers to execute arbitrary code with SYSTEM privileges on Windows systems. This affects users running MyASUS software on ASUS devices.

💻 Affected Systems

Products:
  • MyASUS
Versions: before 3.1.2.0
Operating Systems: Windows
Default Config Vulnerable: ⚠️ Yes
Notes: Affects ASUS devices with MyASUS software installed. The System Diagnosis service runs with elevated privileges.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete system compromise with attacker gaining SYSTEM privileges, enabling installation of malware, data theft, and persistence mechanisms.

🟠 Likely Case

Local privilege escalation leading to administrative control over the system, potentially used as part of attack chains or for malware persistence.

🟢 If Mitigated

Limited impact if proper endpoint protection and least privilege principles are enforced, though local access could still be leveraged.

🌐 Internet-Facing: LOW - This is a local privilege escalation requiring initial access to the system.
🏢 Internal Only: HIGH - Once an attacker gains local access (through phishing, malware, etc.), they can exploit this to gain full system control.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires local access to the system. The vulnerability is in a service that runs with high privileges.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 3.1.2.0 and later

Vendor Advisory: https://www.asus.com/Static_WebPage/ASUS-Product-Security-Advisory/

Restart Required: Yes

Instructions:

1. Open the MyASUS application.
2. Check for updates in settings.
3. Install the update to version 3.1.2.0 or later.
4. Restart the system.

🔧 Temporary Workarounds

Disable MyASUS System Diagnosis Service

Temporarily disable the vulnerable service until patching is possible (Windows):

sc stop "MyASUSSystemDiagnosis"
sc config "MyASUSSystemDiagnosis" start= disabled

🧯 If You Can't Patch

  • Remove MyASUS software entirely if not required
  • Implement strict endpoint controls and monitor for suspicious privilege escalation attempts

🔍 How to Verify

Check if Vulnerable:

Check MyASUS version in the application or via 'wmic product get name,version' for MyASUS entries

Check Version:

wmic product where "name like '%MyASUS%'" get name,version

Verify Fix Applied:

Confirm MyASUS version is 3.1.2.0 or higher and the System Diagnosis service is running the updated version
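
The version check above, as an added example (not from the original page or from ASUS): it parses the table printed by the wmic command and compares versions numerically, because a plain string comparison ranks 3.1.10.0 before 3.1.2.0. The sample output and the product names in it are constructed placeholders.

```python
import re

FIXED_VERSION = (3, 1, 2, 0)  # first fixed release according to this page

# Constructed sample of the wmic table output; product names are placeholders.
SAMPLE_WMIC_OUTPUT = """\
Name                      Version
MyASUS System Diagnosis   3.0.34.0
MyASUS Example Component  3.1.10.0
Unrelated Tool            1.0.0
"""


def parse_version(text):
    """Convert '3.1.2.0' to (3, 1, 2, 0), zero-padding short versions."""
    if not re.fullmatch(r"\d+(\.\d+)*", text):
        raise ValueError(f"unparseable version: {text!r}")
    parts = [int(p) for p in text.split(".")]
    parts += [0] * (len(FIXED_VERSION) - len(parts))
    return tuple(parts)


def is_vulnerable(version_text):
    """True when the version is numerically before the fixed release."""
    return parse_version(version_text) < FIXED_VERSION


def audit_wmic_output(output):
    """Return (name, version, vulnerable) for each MyASUS row."""
    findings = []
    for line in output.splitlines():
        fields = line.strip().rsplit(None, 1)  # version is the last column
        if len(fields) != 2 or fields == ["Name", "Version"]:
            continue
        name, version = fields
        if "myasus" not in name.lower():
            continue
        try:
            findings.append((name, version, is_vulnerable(version)))
        except ValueError:
            # Unparseable version: flag for manual review, do not pass it.
            findings.append((name, version, None))
    return findings


if __name__ == "__main__":
    for row in audit_wmic_output(SAMPLE_WMIC_OUTPUT):
        print(row)
```
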

📡 Detection & Monitoring

Log Indicators:

  • Unusual process creation from MyASUSSystemDiagnosis service
  • Privilege escalation attempts in Windows Event Logs (Event ID 4688)

Network Indicators:

  • No specific network indicators as this is local exploitation

SIEM Query:

EventID=4688 AND (NewProcessName LIKE '%MyASUS%' OR ParentProcessName LIKE '%MyASUS%') AND IntegrityLevel=System
