CVE-2022-48223

An issue was discovered in Acuant AcuFill SDK before 10.22.02.03. During SDK repair, certutil.exe is called by the Acuant installer to repair certificates. This call is vulnerable to DLL hijacking due to a race condition and insecure permissions on the executing directory.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
6.7 MEDIUM
LOCAL
HIGH
LOW
CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H
mitreCNA
---
---
CVEADP
---
---
CISA-ADPADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 8%
VendorProductVersion
gbgplcacuant_acufill_sdk
𝑥
< 10.22.02.03
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://acuant.com
https://hackandpwn.com/disclosures/CVE-2022-48223.pdf
https://acuant.com
https://hackandpwn.com/disclosures/CVE-2022-48223.pdf