exploitDog

CVE-2022-22262

Опубликовано: 01 мар. 2022

Источник: nvd

CVSS3: 7.7

CVSS2: 3.6

EPSS Низкий

Описание

ROG Live Service’s function for deleting temp files created by installation has an improper link resolution before file access vulnerability. Since this function does not validate the path before deletion, an unauthenticated local attacker can create an unexpected symbolic link to system file path, to delete arbitrary system files and disrupt system service.

Ссылки

https://www.twcert.org.tw/tw/cp-132-5693-f108f-1.html
Third Party Advisory
https://www.twcert.org.tw/tw/cp-132-5693-f108f-1.html
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:asus:rog_live_service:*:*:*:*:*:*:*:*

Версия до 1.3.3.0 (исключая)

EPSS

Процентиль: 27%

0.00098

Низкий

7.7 High

CVSS3

3.6 Low

CVSS2

Дефекты

CWE-59

CWE-59

Связанные уязвимости

GHSA-p79w-3v72-ffh8

CVSS3: 7.7

github

почти 4 года назад

ROG Live Service’s function for deleting temp files created by installation has an improper link resolution before file access vulnerability. Since this function does not validate the path before deletion, an unauthenticated local attacker can create an unexpected symbolic link to system file path, to delete arbitrary system files and disrupt system service.

EPSS

Процентиль: 27%

0.00098

Низкий

7.7 High

CVSS3

3.6 Low

CVSS2

Дефекты

CWE-59

CWE-59