CVE-2022-43702 — Improper Access Control in ARM Compiler

CWE-284 — Improper Access Control CWE-276 — Incorrect Default Permissions2 documents2 sources

Severity

7.8HIGHNVD

EPSS

0.0%

top 89.02%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

ARM Compiler ARM Compiler FOR Functional Safety ARM DS Development Studio +1 more

Timeline

PublishedJul 27

Latest updateJul 28

Description

When the directory containing the installer does not have sufficiently restrictive file permissions, an attacker can modify (or replace) the installer to execute malicious code.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages2 packages

▶NVDarm/arm_compiler6.00 — 6.18+3

▶NVDarm/ds_development_studio5.0.0 — 5.29.3

🔴Vulnerability Details

GHSA

GHSA-g3h3-xh77-5fcf: When the directory containing the installer does not have sufficiently restrictive file permissions, an attacker can modify (or replace) the installer↗2023-07-28

▶