CVE-2022-43701

EPSS 0.06%
Veröffentlicht 27.07.2023 22:15:10
Zuletzt bearbeitet 13.02.2025 17:15:46
Quelle arm-security@arm.com
CVE-Watchlists
Login
Unerledigt
Login

Insecure directory permissions on installer files

When the installation directory does not have sufficiently restrictive file permissions, an attacker can modify files in the installation directory to cause execution of malicious code.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 5

NVD 12 VulnDex Vulnerability Enrichment 0

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Arm ≫ Arm Compiler Version >= 5.00 <= 5.06

Arm ≫ Arm Compiler Version >= 6.00 < 6.20

Arm ≫ Arm Compiler For Embedded Fusa Version6.16 SwEditionlts

Arm ≫ Arm Compiler For Functional Safety Version6.6

Arm ≫ Arm Development Studio

Arm ≫ Arm Mobile Studio

Arm ≫ Ds Development Studio Version >= 5.0.0 <= 5.29.3

Arm ≫ Fast Models

Arm ≫ Gnu Toolchain

Arm ≫ Keil Mdk

Arm ≫ Linaro Forge Version < 22.1

Arm ≫ Mbed Studio

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.06%	0.194

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	7.8	1.8	5.9	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
134c704f-9b21-4f2e-91b3-4a467353bcc0	7.8	1.8	5.9	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE-276 Incorrect Default Permissions

During installation, installed file permissions are set to allow anyone to modify those files.

https://developer.arm.com/documentation/ka005596/latest

Vendor Advisory

https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00930.html

https://nvd.nist.gov/vuln/detail/CVE-2022-43701

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2022-43701

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2022-43701

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2022-43701