Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cveArmCVE-2022-43703
HistoryJul 27, 2023 - 10:15 p.m.

CVE-2022-43703

2023-07-2722:15:12
CWE-427
Arm
web.nvd.nist.gov
31
cve-2022-43703
installer
vulnerability
security
nvd

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

AI Score

7.6

Confidence

High

EPSS

0.001

Percentile

20.0%

JSON

An installer that loads or executes files using an unconstrained search path may be vulnerable to substitute files under control of an attacker being loaded or executed instead of the intended files.

Affected configurations

Nvd
Node
armarm_development_studio
OR
armds_development_studioRange5.0.0โ€“5.29.3
VendorProductVersionCPE
armarm_development_studio*cpe:2.3:a:arm:arm_development_studio:*:*:*:*:*:*:*:*
armds_development_studio*cpe:2.3:a:arm:ds_development_studio:*:*:*:*:*:*:*:*

CNA Affected

[
  {
    "defaultStatus": "affected",
    "modules": [
      "installer"
    ],
    "product": "Arm Compiler 5 (AC5), Arm Compiler for Embedded 6 (AC6), Fast Models (FM), Arm Compiler for Embedded FuSA (ACEF), Arm Development Studio (ADS), Arm Forge (AF), Arm Mobile Studio (AMS), DS-5 Development Studio, Fast Models (FM), GNU Toolchain (GT), Keil MDK (KMDK), Mbed Studio (MS)",
    "vendor": "Arm Ltd",
    "versions": [
      {
        "status": "affected",
        "version": "AC5 All Releases, AC6 Releases prior to 6.20, ACEF All Releases, ADS All Releases, AF Releases prior to 22.1, AMS All releases, DS5 All Releases, FM All Releases, GT All Releases, KMDK All Releases, MS All Releases"
      }
    ]
  }
]

Related

cvelist 1
nvd 1
prion 1
intel 1
cvelist
cvelist
CVE-2022-43703 Incomplete verification of installation file signature
2023-07-27 21:52:29
nvd
nvd
CVE-2022-43703
2023-07-27 22:15:12
prion
prion
Path traversal
2023-07-27 22:15:00
intel
intel
Arm DS for Intelยฎ SoC FPGA Software Advisory
2024-02-13 00:00:00

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

AI Score

7.6

Confidence

High

EPSS

0.001

Percentile

20.0%

JSON
Related for CVE-2022-43703
cvelist1nvd1prion1intel1