CVE-2022-43701

EPSS 0.06%
Published 27.07.2023 22:15:10
Last modified 13.02.2025 17:15:46
Source arm-security@arm.com
Teams watchlist Login
Open Login

When the installation directory does not have sufficiently restrictive file permissions, an attacker can modify files in the installation directory to cause execution of malicious code.

Affected products Warnungen 0 Metrics 3 CWE 1 References 5

Data is provided by the National Vulnerability Database (NVD)

Arm ≫ Arm Compiler Version >= 5.00 <= 5.06

Arm ≫ Arm Compiler Version >= 6.00 < 6.20

Arm ≫ Arm Compiler For Embedded Fusa Version6.16 SwEditionlts

Arm ≫ Arm Compiler For Functional Safety Version6.6

Arm ≫ Arm Development Studio

Arm ≫ Arm Mobile Studio

Arm ≫ Ds Development Studio Version >= 5.0.0 <= 5.29.3

Arm ≫ Fast Models

Arm ≫ Gnu Toolchain

Arm ≫ Keil Mdk

Arm ≫ Linaro Forge Version < 22.1

Arm ≫ Mbed Studio

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.06%	0.165

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	7.8	1.8	5.9	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
134c704f-9b21-4f2e-91b3-4a467353bcc0	7.8	1.8	5.9	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE-276 Incorrect Default Permissions

During installation, installed file permissions are set to allow anyone to modify those files.

https://developer.arm.com/documentation/ka005596/latest

Vendor Advisory

https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00930.html

https://nvd.nist.gov/vuln/detail/CVE-2022-43701

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2022-43701

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2022-43701

EUVD