CVE-2022-43701

EPSS 0.06%
Veröffentlicht 27.07.2023 22:15:10
Zuletzt bearbeitet 13.02.2025 17:15:46
Quelle arm-security@arm.com
Teams Watchlist Login
Unerledigt Login

When the installation directory does not have sufficiently restrictive file permissions, an attacker can modify files in the installation directory to cause execution of malicious code.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 5

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Arm ≫ Arm Compiler Version >= 5.00 <= 5.06

Arm ≫ Arm Compiler Version >= 6.00 < 6.20

Arm ≫ Arm Compiler For Embedded Fusa Version6.16 SwEditionlts

Arm ≫ Arm Compiler For Functional Safety Version6.6

Arm ≫ Arm Development Studio

Arm ≫ Arm Mobile Studio

Arm ≫ Ds Development Studio Version >= 5.0.0 <= 5.29.3

Arm ≫ Fast Models

Arm ≫ Gnu Toolchain

Arm ≫ Keil Mdk

Arm ≫ Linaro Forge Version < 22.1

Arm ≫ Mbed Studio

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.06%	0.165

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	7.8	1.8	5.9	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
134c704f-9b21-4f2e-91b3-4a467353bcc0	7.8	1.8	5.9	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE-276 Incorrect Default Permissions

During installation, installed file permissions are set to allow anyone to modify those files.

https://developer.arm.com/documentation/ka005596/latest

Vendor Advisory

https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00930.html

https://nvd.nist.gov/vuln/detail/CVE-2022-43701

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2022-43701

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2022-43701

EUVD