Back to overview

CVE-2026-13585

HIGH
8.2
CVSS 4.0
Description
Allocation of Resources Without Limits and Throttling and Sensitive Information in Resource Not Removed Before Reuse in the ASUS System Control Interface driver and ASUS Business Manager allow a local administrator to disclose sensitive information via crafted IOCTL requests, which, in severe cases, may lead to a Denial of Service (DoS) on the system. Refer to the '  Security Update for ASUS System Control Interface  ' section on the ASUS Security Advisory for more information.

Metadata

CVE ID
CVE-2026-13585
State
PUBLISHED
Assigner
ASUS
Reserved
2026-06-29 00:35 UTC
Published
2026-07-15 02:01 UTC
Last updated
2026-07-15 02:01 UTC
Primary CWE
CWE-770
CWE-770: Allocation of Resources Without Limits or Throttlin…
Vendor / Product
ASUS / System Control Interface v3
Sources
cve.org  ·  NVD

Severity & Metrics

8.2 HIGH CVSS 4.0
CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:H/SC:H/SI:N/SA:H
Affected products (3)
VendorProductPlatformVersions
ASUS Business Manager 0 ≤ v3.0.38.0
ASUS System Control Interface 0 < v1.1.40.0
ASUS System Control Interface v3 0 < v3.1.66.0
Weakness (CWE)
CWESourceDescription
CWE-226 cna CWE-226: Sensitive Information in Resource Not Removed Before Reuse
CWE-770 cna CWE-770: Allocation of Resources Without Limits or Throttling
CVSS scores (1)
ScoreSeverityVersionSourceVector
8.2 HIGH 4.0 cna CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:H/SC:H/SI:N/SA:H
Back to overview