CVE-2022-22262
7.7
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H
Summary
ROG Live Service’s function for deleting temp files created by installation has an improper link resolution before file access vulnerability. Since this function does not validate the path before deletion, an unauthenticated local attacker can create an unexpected symbolic link to system file path, to delete arbitrary system files and disrupt system service.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| ASUS | Armoury Crate & Aura Creator Installer (ROG Live Service) | 1.2.18.0 | affected |
Weaknesses
- CWE-59: CWE-59 Improper Link Resolution Before File Access ('Link Following')
ADP Enrichment
CVE Program Container
Additional References
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.