CVE-2026-1878

An Insufficient Integrity Verification vulnerability in the ASUS ROG peripheral driver installation process allows privilege escalation to SYSTEM. The vulnerability is due to improper access control on the installation directory, which enables the exploitation of a race condition where the legitimate installer is substituted with an unexpected payload immediately after download, resulting in arbitrary code execution. Refer to the "Security Update for ASUS ROG peripheral driver" section on the ASUS Security Advisory for more information.

CVSS

No CVSS.

References

Link	Resource
https://www.asus.com/security-advisory/

Configurations

No configuration.

History

12 Mar 2026, 21:07

Type	Values Removed	Values Added
Summary		(es) Una vulnerabilidad de Verificación de Integridad Insuficiente en el proceso de instalación del controlador de periféricos ASUS ROG permite la escalada de privilegios a SYSTEM. La vulnerabilidad se debe a un control de acceso inadecuado en el directorio de instalación, lo que permite la explotación de una condición de carrera donde el instalador legítimo es sustituido por una carga útil inesperada inmediatamente después de la descarga, lo que resulta en la ejecución de código arbitrario. Consulte la sección 'Actualización de seguridad para el controlador de periféricos ASUS ROG' en el Aviso de Seguridad de ASUS para más información.

12 Mar 2026, 03:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2026-03-12 03:15

Updated : 2026-03-12 21:07

NVD link : CVE-2026-1878

Mitre link : CVE-2026-1878

CVE.ORG link : CVE-2026-1878

JSON object : View

Products Affected

No product.

CWE

CWE-494

Download of Code Without Integrity Check

{"id": "CVE-2026-1878", "cveTags": [], "metrics": {"cvssMetricV40": [{"type": "Secondary", "source": "54bf65a7-a193-42d2-b1ba-8e150d3c35e1", "cvssData": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 5.4, "Automatable": "NOT_DEFINED", "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "exploitMaturity": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "userInteraction": "PASSIVE", "attackComplexity": "LOW", "attackRequirements": "PRESENT", "privilegesRequired": "LOW", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "HIGH", "integrityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "HIGH", "availabilityRequirement": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "HIGH", "confidentialityRequirement": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED"}}]}, "published": "2026-03-12T03:15:57.570", "references": [{"url": "https://www.asus.com/security-advisory/", "source": "54bf65a7-a193-42d2-b1ba-8e150d3c35e1"}], "vulnStatus": "Awaiting Analysis", "weaknesses": [{"type": "Secondary", "source": "54bf65a7-a193-42d2-b1ba-8e150d3c35e1", "description": [{"lang": "en", "value": "CWE-494"}]}], "descriptions": [{"lang": "en", "value": "An Insufficient Integrity Verification vulnerability in the ASUS ROG peripheral driver installation process allows privilege escalation to SYSTEM. The vulnerability is due to improper access control on the installation directory, which enables the exploitation of a race condition where the legitimate installer is substituted with an unexpected payload immediately after download, resulting in arbitrary code execution.\u00a0Refer to the \"Security Update for ASUS ROG peripheral driver\" section on the ASUS Security Advisory for more information."}, {"lang": "es", "value": "Una vulnerabilidad de Verificaci\u00f3n de Integridad Insuficiente en el proceso de instalaci\u00f3n del controlador de perif\u00e9ricos ASUS ROG permite la escalada de privilegios a SYSTEM. La vulnerabilidad se debe a un control de acceso inadecuado en el directorio de instalaci\u00f3n, lo que permite la explotaci\u00f3n de una condici\u00f3n de carrera donde el instalador leg\u00edtimo es sustituido por una carga \u00fatil inesperada inmediatamente despu\u00e9s de la descarga, lo que resulta en la ejecuci\u00f3n de c\u00f3digo arbitrario. Consulte la secci\u00f3n 'Actualizaci\u00f3n de seguridad para el controlador de perif\u00e9ricos ASUS ROG' en el Aviso de Seguridad de ASUS para m\u00e1s informaci\u00f3n."}], "lastModified": "2026-03-12T21:07:53.427", "sourceIdentifier": "54bf65a7-a193-42d2-b1ba-8e150d3c35e1"}