Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Asus GameFirst IV is Vulnerable to attacks.

_H0PE_
Level 7

‎03-22-2018 03:55 AM - last edited on ‎03-06-2024 09:07 PM by Community Admin

Dear Asus,

My Forticlient shows that the MariaDB based db "part" of GameFirst IV is heavily outdated, thus got lot of critical vulnerabilities in it.
I would like to update it to the latest version, however just installing over the new MariaDB version will cetainly give some issues (for e.g. the username password that the app uses in the DB is unknown to me).

All in all, we need an updated GameFirst IV or a patch/update so we can update to latest MariaDB.

Your version is 5.5 and latest is 10.2 so there are huge version differences and changes no doubt toward securing the db.

Let me know what steps you/me can take to fix this issue. Please see how many vulnerabilities Forticlient found in the DB:

72447
Labels:
0 Kudos
3,240 Views
4 REPLIES 4

Carbonicdk
Level 8

‎03-22-2018 06:23 AM

MariaDB is supported until 2020 so far so while it might be heavily outdated from a feature standpoint it's not heavily outdated from a security standpoint.
https://mariadb.org/extended-maintenance-period-mariadb-5-5/

I'm not saying if the application is secure or not, I'm just saying that you can't come to that conclusion just because they use MariaDB and not a never version:
https://mariadb.org/extended-maintenance-period-mariadb-5-5/
0 Kudos

_H0PE_
Level 7
In response to Carbonicdk

‎03-22-2018 07:14 AM

No,

My conclusion is based on a security application that checks vulnerabilities. As I showed it on the screenshot, there are missing patches from this particular DB version, 163 vulnerabilities to be exact.

5.5 does have support up until 2020, however the patches are patches... they need to be applied to the product. And since this is not an "installation" for MariaDB itself I doubt I can apply the patches.

These vulnerabilities are specifically listing what is the vulnerability. e.g.: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0546
That is one of the critical vulnerability, there are 16 high risk vulnerabilites, more than 99 medium risk and rest is low. These are patched in the new DB versions.

In case my app can be trusted for checking specifically for the vulnerabilities (which does happen)... Asus app(s) need to be updated accordingly.
0 Kudos

_H0PE_
Level 7
In response to _H0PE_

‎03-26-2018 03:47 AM

I've managed to update to the latest version, so far I don't see any issues in the app nor in event viewer.

Current version is 5.5.36 which is 4years old with the installed GameFirst IV version. VERY outdated, and vulnerable db version.
Latest MariaDB version is 5.5.59

Instructions: Just download the latest version 64bit zip edition from mariadb website:
https://downloads.mariadb.org/mariadb/+releases/

Extract the bin, data and share folders over to your gameFirst mariadb folder (overwrite or just delete the original mariadb folder and create a new folder with the extract process.

After this I've restarted, checked if Gaming Center starts up properly and GameFirst IV along with Rog Aura Core (got no clue if the later one is impacted at all, prob. not but I wanted to make sure). Checked Event Viewer, found no related error or warning messages.

After the above process checked for vulnerabilities with FortiClient:

72555

I feel safer now and you should do the update as well...
0 Kudos

AlexB121
Level 7

‎03-26-2018 08:55 AM

Thanks i just patched both my systems
0 Kudos