CVE-2022-24285

EPSS 0.03%
Published 10.03.2022 17:46:02
Last modified 21.11.2024 06:50:05
Source cve@mitre.org
Teams watchlist Login
Open Login

Acer Care Center 4.00.30xx before 4.00.3042 contains a local privilege escalation vulnerability. The user process communicates with a service of system authority called ACCsvc through a named pipe. In this case, the Named Pipe is also given Read and Write rights to the general user. In addition, the service program does not verify the user when communicating. A thread may exist with a specific command. When the path of the program to be executed is sent, there is a local privilege escalation in which the service program executes the path with system privileges.

Affected products Warnungen 0 Metrics 3 CWE 1 References 4

Data is provided by the National Vulnerability Database (NVD)

Acer ≫ Care Center Version >= 4.00.3000 < 4.00.3042

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.03%	0.052

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	7.8	1.8	5.9	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov	7.2	3.9	10	AV:L/AC:L/Au:N/C:C/I:C/A:C

CWE-287 Improper Authentication

When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.

https://community.acer.com/en/kb/articles/14761

Vendor Advisory

Mitigation

https://nvd.nist.gov/vuln/detail/CVE-2022-24285

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2022-24285

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2022-24285

EUVD