CVE-2022-48224
CVSS V2 None
CVSS V3 None
Description
An issue was discovered in Acuant AcuFill SDK before 10.22.02.03. It is installed with insecure permissions (full write access within Program Files). Standard users can replace files within this directory that get executed with elevated privileges, leading to a complete arbitrary code execution (elevation of privileges).
Overview
- CVE ID
- CVE-2022-48224
- Assigner
- cve@mitre.org
- Vulnerability Status
- Analyzed
- Published Version
- 2023-04-04T16:15:07
- Last Modified Date
- 2023-04-11T14:53:32
Weakness Enumerations
CPE Configuration (Product)
| CPE | Vulnerable | Operator | Version Start | Version End |
|---|---|---|---|---|
| cpe:2.3:a:gbgplc:acuant_acufill_sdk:*:*:*:*:*:*:*:* | 1 | OR | 10.22.02.03 |
References
| Reference URL | Reference Tags |
|---|---|
| https://acuant.com | Not Applicable |
| https://hackandpwn.com/disclosures/CVE-2022-48224.pdf | Third Party Advisory |
Sources
| Source Name | Source URL |
|---|---|
| NIST | https://nvd.nist.gov/vuln/detail/CVE-2022-48224 |
| MITRE | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-48224 |
History
| Created | Old Value | New Value | Data Type | Notes |
|---|---|---|---|---|
| 2023-04-17 04:07:38 | Added to TrackCVE | |||
| 2023-04-17 04:07:40 | Weakness Enumeration | new |