CVE-2022-36438 ASUS Switch sets weak file permissions, leading to local privilege escalation. This can be used to delete files arbitrarily.

The latest version is 3.2.2.0, released on 2014-07-25. It is strongly recommended to update to the latest version.

CVE-2014-1624

There is a stack buffer overflow vulnerability in Win32 function CreateFileA that allows an attacker to execute arbitrary code. Details of the vulnerability were released on Nov 22, 2014.

CVE-2014-1715

A stack based buffer overflow exists in the NetXMS client for Microsoft Active Directory (AD).
Inadequate validation of user input in the software could allow remote code execution. Details of the vulnerability were released on Jul 13, 2014.

CVE-2014-1717

A remote code execution exists in the web-based user interface (Web UI) of the NetXMS client for Microsoft Active Directory (AD). Inadequate validation of user input in the software could allow remote code execution. Details of the vulnerability were released on Jul 13, 2014.

CVE-2014-1718

A remote code execution exists in the web-based user interface (Web UI) of the NetXMS client for Microsoft Active Directory (AD). Inadequate validation of user input in the software could allow remote code execution. Details of the vulnerability were released on Jul 13, 2014.

CVE-2014-1719

A remote code execution exists in the web-based user interface (Web UI) of the NetXMS client for Microsoft Active Directory (

Win32k Information Disclosure Vulnerability

This vulnerability is a flaw in the Windows kernel that could allow an attacker to access sensitive information. Details of the vulnerability were released on Jun 11, 2014.

CVE-2014-1720

A remote code execution exists in the web-based user interface (Web UI) of the NetXMS client for Microsoft Active Directory (AD). Inadequate validation of user input in the software could allow remote code execution. Details of the vulnerability were released on Jul 13, 2014.

CVE-2014-1726
A stack buffer overflow exists in Win32k graphics device driver. This can be exploited by attackers to execute arbitrary code by tricking a user into visiting a malicious website or opening a malicious file. Details of the vulnerability were released on Nov 22, 2014.

Microsoft Exchange Server

: Common Vulnerabilities
Microsoft Exchange Server is a popular e-mail and collaboration solution that has been running for over 20 years. It is commonly used in business settings, educational settings, and medical settings. It contains many security vulnerabilities.

Timeline

Published on: 10/18/2022 12:15:00 UTC
Last modified on: 10/20/2022 17:49:00 UTC

References

• https://asus.com
• https://asus-my.sharepoint.com/personal/carinacw_li_asus_com/_layouts/15/onedrive.aspx?id=%2Fpersonal%2Fcarinacw%5Fli%5Fasus%5Fcom%2FDocuments%2FSecurity%2FCase%2D220713%2FAsus%20Switch%20LPE%2Epdf&parent=%2Fpersonal%2Fcarinacw%5Fli%5Fasus%5Fcom%2FDocuments%2FSecurity%2FCase%2D220713&ga=1
• https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-36438