Описание
An issue was discovered in Acuant AcuFill SDK before 10.22.02.03. During installation, an EXE gets executed out of C:\Windows\Temp. A standard user can create the path file ahead of time and obtain elevated code execution. Permissions need to be modified to prevent manipulation.
Ссылки
- Not Applicable
- Third Party Advisory
- Not Applicable
- Third Party Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 10.22.02.03 (исключая)
cpe:2.3:a:gbgplc:acuant_acufill_sdk:*:*:*:*:*:*:*:*
EPSS
Процентиль: 9%
0.00033
Низкий
7.8 High
CVSS3
8.4 High
CVSS3
Дефекты
CWE-269
CWE-269
Связанные уязвимости
CVSS3: 7.8
github
почти 3 года назад
An issue was discovered in Acuant AcuFill SDK before 10.22.02.03. During installation, an EXE gets executed out of C:\Windows\Temp. A standard user can create the path file ahead of time and obtain elevated code execution. Permissions need to be modified to prevent manipulation.
EPSS
Процентиль: 9%
0.00033
Низкий
7.8 High
CVSS3
8.4 High
CVSS3
Дефекты
CWE-269
CWE-269