Description
An Insufficient Integrity Verification vulnerability in the ASUS ROG peripheral driver installation process allows privilege escalation to SYSTEM. The vulnerability is due to improper access control on the installation directory, which enables the exploitation of a race condition where the legitimate installer is substituted with an unexpected payload immediately after download, resulting in arbitrary code execution. Refer to the "Security Update for ASUS ROG peripheral driver" section on the ASUS Security Advisory for more information.
Published: 2026-03-12
Score: 5.4 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Privilege Escalation
Action: Apply Patch
AI Analysis

Impact

The vulnerability is an insufficient integrity verification in the installation process of ASUS ROG peripheral drivers. Improper access control on the driver installation directory creates a race condition that allows a local user to replace the legitimate installer with malicious code immediately after download. Targeting this flaw can lead to arbitrary code execution and privilege escalation to SYSTEM, compromising system integrity and any data handled by the affected components. This weakness is related to CWE‑494.

Affected Systems

Affected systems are ASUS ROG peripheral drivers for headset, keyboard, and mouse devices. The CVE data does not list specific vulnerable versions, so all publicly released drivers prior to the security update are potentially susceptible.

Risk and Exploitability

The stated CVSS base score is 5.4, indicating moderate severity. The EPSS score is below 1%, suggesting a low likelihood of current exploitation. The vulnerability is not listed in the CISA KEV catalog. Based on the description it is inferred that the attack vector requires local file system write access to the installer directory, so a local attacker with user privileges can trigger the race condition. If the exploit is successfully triggered, the attacker can execute arbitrary code with SYSTEM privileges.

Generated by OpenCVE AI on March 18, 2026 at 14:46 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the official ASUS security update for ROG peripheral drivers as described in the ASUS Security Advisory.
  • Restrict write permissions on the driver installation directory to SYSTEM only to prevent unauthorized installer substitution.
  • Verify the integrity of downloaded installer packages by checking digital signatures or checksums before installation.

Generated by OpenCVE AI on March 18, 2026 at 14:46 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

References
Link Providers
https://www.asus.com/security-advisory/ cve-icon cve-icon
History

Fri, 20 Mar 2026 15:45:00 +0000

Type Values Removed Values Added
Title Privilege Escalation via Untrusted Installer Substitution in ASUS ROG Peripheral Driver

Thu, 12 Mar 2026 14:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Thu, 12 Mar 2026 03:00:00 +0000

Type Values Removed Values Added
Description An Insufficient Integrity Verification vulnerability in the ASUS ROG peripheral driver installation process allows privilege escalation to SYSTEM. The vulnerability is due to improper access control on the installation directory, which enables the exploitation of a race condition where the legitimate installer is substituted with an unexpected payload immediately after download, resulting in arbitrary code execution. Refer to the "Security Update for ASUS ROG peripheral driver" section on the ASUS Security Advisory for more information.
First Time appeared Asus
Asus driver Headset
Asus driver Keyboard Mouse
Weaknesses CWE-494
CPEs cpe:2.3:a:asus:driver_headset_:*:*:*:*:*:*:*:*
cpe:2.3:a:asus:driver_keyboard_mouse_:*:*:*:*:*:*:*:*
Vendors & Products Asus
Asus driver Headset
Asus driver Keyboard Mouse
References
Metrics cvssV4_0

{'score': 5.4, 'vector': 'CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N'}

Subscriptions

Asus Driver Headset Driver Keyboard Mouse
cve-icon MITRE

Status: PUBLISHED

Assigner: ASUS

Published:

Updated: 2026-03-13T03:55:39.102Z

Reserved: 2026-02-04T07:15:59.413Z

Link: CVE-2026-1878

cve-icon Vulnrichment

Updated: 2026-03-12T13:14:49.518Z

cve-icon NVD

Status : Awaiting Analysis

Published: 2026-03-12T03:15:57.570

Modified: 2026-03-12T21:07:53.427

Link: CVE-2026-1878

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-03-20T15:36:13Z

Weaknesses