CVE-2022-36438
Description
AsusSwitch.exe on ASUS Windows PCs has weak file permissions, allowing local privilege escalation and arbitrary file deletion. Fixed in ASUS System Control Interface 3.1.5.0 and AsusSwitch.exe 1.0.10.0.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
AsusSwitch.exe on ASUS Windows PCs has weak file permissions, allowing local privilege escalation and arbitrary file deletion. Fixed in ASUS System Control Interface 3.1.5.0 and AsusSwitch.exe 1.0.10.0.
Vulnerability
AsusSwitch.exe, a component of ASUS System Control Interface on ASUS personal computers running Windows, sets weak file permissions. This affects ASUS System Control Interface 3 before version 3.1.5.0 and AsusSwitch.exe before version 1.0.10.0. [1]
Exploitation
An attacker with local access to the system can exploit the weak permissions to modify or replace the executable or its associated files. No additional authentication is required beyond local user access. The attacker can leverage the weak permissions to escalate privileges or delete system files arbitrarily.
Impact
Successful exploitation allows local privilege escalation, enabling the attacker to gain higher-level access. Additionally, the attacker can delete files anywhere on the system, leading to denial of service or system instability.
Mitigation
ASUS released fixed versions: ASUS System Control Interface 3.1.5.0 and AsusSwitch.exe 1.0.10.0. Users should update via ASUS official channels. No workaround is documented. The vulnerability is not listed on CISA KEV as of publication.
AI Insight generated on May 25, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
3(expand)+ 1 more
- (no CPE)
- (no CPE)range: <3.1.5.0
- Range: <1.0.10.0
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
2News mentions
0No linked articles in our index yet.