CVE-2022-43702

EPSS 0.05%
Veröffentlicht 27.07.2023 22:15:12
Zuletzt bearbeitet 13.02.2025 17:15:46
Quelle arm-security@arm.com
Teams Watchlist Login
Unerledigt Login

When the directory containing the installer does not have sufficiently restrictive file permissions, an attacker can modify (or replace) the installer to execute malicious code.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 2 Referenzen 5

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Arm ≫ Arm Compiler Version >= 5.00 <= 5.06

Arm ≫ Arm Compiler Version >= 6.00 < 6.18

Arm ≫ Arm Compiler For Embedded Fusa Version6.16 SwEditionlts

Arm ≫ Arm Compiler For Functional Safety Version >= 6.6 < 6.6.5

Arm ≫ Arm Development Studio

Arm ≫ Ds Development Studio Version >= 5.0.0 <= 5.29.3

Arm ≫ Fast Models

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.05%	0.152

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	7.8	1.8	5.9	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE-276 Incorrect Default Permissions

During installation, installed file permissions are set to allow anyone to modify those files.

CWE-284 Improper Access Control

The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.

https://developer.arm.com/documentation/ka005596/latest

Vendor Advisory

https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00930.html

https://nvd.nist.gov/vuln/detail/CVE-2022-43702

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2022-43702

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2022-43702

EUVD