CVE-2022-43701Incorrect Default Permissions in ARM Compiler

CWE-276Incorrect Default Permissions2 documents2 sources
Severity
7.8HIGHNVD
EPSS
0.1%
top 83.73%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
5
ARM CompilerARM Linaro ForgeARM DS Development Studio+2 more
Timeline
PublishedJul 27
Latest updateJul 28

Description

When the installation directory does not have sufficiently restrictive file permissions, an attacker can modify files in the installation directory to cause execution of malicious code.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages3 packages

NVDarm/arm_compiler6.006.20+3
NVDarm/linaro_forge< 22.1
NVDarm/ds_development_studio5.0.05.29.3

🔴Vulnerability Details

1
GHSA
GHSA-f7p2-4f5g-hfv9: When the installation directory does not have sufficiently restrictive file permissions, an attacker can modify files in the installation directory to2023-07-28