CVE-2022-48224

An issue was discovered in Acuant AcuFill SDK before 10.22.02.03. It is installed with insecure permissions (full write access within Program Files). Standard users can replace files within this directory that get executed with elevated privileges, leading to a complete arbitrary code execution (elevation of privileges).
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
7.3 HIGH
LOCAL
LOW
LOW
CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
mitreCNA
---
---
CVEADP
---
---
CISA-ADPADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 15%
VendorProductVersion
gbgplcacuant_acufill_sdk
𝑥
< 10.22.02.03
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://acuant.com
https://hackandpwn.com/disclosures/CVE-2022-48224.pdf
https://acuant.com
https://hackandpwn.com/disclosures/CVE-2022-48224.pdf