CVE-2022-43702

2023-07-2722:15:12

CWE-276

CWE-284

[email protected]

web.nvd.nist.gov

cve-2022-43702

file permissions

malicious code

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS

0.001

Percentile

20.0%

JSON

When the directory containing the installer does not have sufficiently restrictive file permissions, an attacker can modify (or replace) the installer to execute malicious code.

Affected configurations

Nvd

Node

armarm_compilerRange5.00–5.06

armarm_compilerRange6.00–6.18

armarm_compiler_for_embedded_fusaMatch6.16lts

armarm_compiler_for_functional_safetyRange6.6–6.6.5

armarm_development_studio

armds_development_studioRange5.0.0–5.29.3

armfast_models

VendorProductVersionCPE
armarm_compiler*cpe:2.3:a:arm:arm_compiler:*:*:*:*:*:*:*:*
armarm_compiler_for_embedded_fusa6.16cpe:2.3:a:arm:arm_compiler_for_embedded_fusa:6.16:*:*:*:lts:*:*:*
armarm_compiler_for_functional_safety*cpe:2.3:a:arm:arm_compiler_for_functional_safety:*:*:*:*:*:*:*:*
armarm_development_studio*cpe:2.3:a:arm:arm_development_studio:*:*:*:*:*:*:*:*
armds_development_studio*cpe:2.3:a:arm:ds_development_studio:*:*:*:*:*:*:*:*
armfast_models*cpe:2.3:a:arm:fast_models:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
arm	arm_compiler	*	cpe:2.3:a:arm:arm_compiler::::::::
arm	arm_compiler_for_embedded_fusa	6.16	cpe:2.3:a:arm:arm_compiler_for_embedded_fusa:6.16::::lts:::
arm	arm_compiler_for_functional_safety	*	cpe:2.3:a:arm:arm_compiler_for_functional_safety::::::::
arm	arm_development_studio	*	cpe:2.3:a:arm:arm_development_studio::::::::
arm	ds_development_studio	*	cpe:2.3:a:arm:ds_development_studio::::::::
arm	fast_models	*	cpe:2.3:a:arm:fast_models::::::::