exploitDog

CVE-2022-38699

Опубликовано: 28 сент. 2022

Источник: nvd

CVSS3: 5.9

EPSS Низкий

Описание

Armoury Crate Service’s logging function has insufficient validation to check if the log file is a symbolic link. A physical attacker with general user privilege can modify the log file property to a symbolic link that points to arbitrary system file, causing the logging function to overwrite the system file and disrupt the system.

Ссылки

https://www.twcert.org.tw/tw/cp-132-6522-4eacb-1.html
Third Party Advisory
https://www.twcert.org.tw/tw/cp-132-6522-4eacb-1.html
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:asus:armoury_crate_service:*:*:*:*:*:*:*:*

Версия до 5.2.10.0 (исключая)

EPSS

Процентиль: 43%

0.00208

Низкий

5.9 Medium

CVSS3

Дефекты

CWE-59

CWE-59

Связанные уязвимости

GHSA-q96q-h836-9q4h

CVSS3: 5.9

github

больше 3 лет назад

Armoury Crate Service’s logging function has insufficient validation to check if the log file is a symbolic link. A physical attacker with general user privilege can modify the log file property to a symbolic link that points to arbitrary system file, causing the logging function to overwrite the system file and disrupt the system.

EPSS

Процентиль: 43%

0.00208

Низкий

5.9 Medium

CVSS3

Дефекты

CWE-59

CWE-59