Lucene search

[email protected]CVE-2022-48223

HistoryApr 04, 2023 - 4:15 p.m.

CVE-2022-48223

2023-04-0416:15:07

CWE-427

[email protected]

web.nvd.nist.gov

acuant acufill

sdk

cve-2022-48223

dll hijacking

certutil.exe

security vulnerability

nvd

6.7 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H

6.4 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

9.0%

JSON

An issue was discovered in Acuant AcuFill SDK before 10.22.02.03. During SDK repair, certutil.exe is called by the Acuant installer to repair certificates. This call is vulnerable to DLL hijacking due to a race condition and insecure permissions on the executing directory.

Affected configurations

NVD

Node

gbgplcacuant_acufill_sdkRange<10.22.02.03

CPENameOperatorVersion
gbgplc:acuant_acufill_sdkgbgplc acuant acufill sdklt10.22.02.03

CPE	Name	Operator	Version
gbgplc:acuant_acufill_sdk	gbgplc acuant acufill sdk	lt	10.22.02.03

References

acuant.com

hackandpwn.com/disclosures/CVE-2022-48223.pdf

6.7 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H

6.4 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

9.0%

JSON

Related for CVE-2022-48223

cvelist1 nvd1 prion1