CVSS3
Attack Vector
PHYSICAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H
AI Score
Confidence
High
EPSS
Percentile
12.6%
Armoury Crate Service’s logging function has insufficient validation to check if the log file is a symbolic link. A physical attacker with general user privilege can modify the log file property to a symbolic link that points to arbitrary system file, causing the logging function to overwrite the system file and disrupt the system.
Vendor | Product | Version | CPE |
---|---|---|---|
asus | armoury_crate_service | * | cpe:2.3:a:asus:armoury_crate_service:*:*:*:*:*:*:*:* |
[
{
"product": "Armoury Crate Service",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "5.1.5.0"
}
]
}
]
More