CVE-2022-43702

EPSS 0.05%
Published 27.07.2023 22:15:12
Last modified 13.02.2025 17:15:46
Source arm-security@arm.com
Teams watchlist Login
Open Login

When the directory containing the installer does not have sufficiently restrictive file permissions, an attacker can modify (or replace) the installer to execute malicious code.

Affected products Warnungen 0 Metrics 2 CWE 2 References 5

Data is provided by the National Vulnerability Database (NVD)

Arm ≫ Arm Compiler Version >= 5.00 <= 5.06

Arm ≫ Arm Compiler Version >= 6.00 < 6.18

Arm ≫ Arm Compiler For Embedded Fusa Version6.16 SwEditionlts

Arm ≫ Arm Compiler For Functional Safety Version >= 6.6 < 6.6.5

Arm ≫ Arm Development Studio

Arm ≫ Ds Development Studio Version >= 5.0.0 <= 5.29.3

Arm ≫ Fast Models

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.05%	0.152

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	7.8	1.8	5.9	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE-276 Incorrect Default Permissions

During installation, installed file permissions are set to allow anyone to modify those files.

CWE-284 Improper Access Control

The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.

https://developer.arm.com/documentation/ka005596/latest

Vendor Advisory

https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00930.html

https://nvd.nist.gov/vuln/detail/CVE-2022-43702

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2022-43702

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2022-43702

EUVD