Insecure directory permissions on installer files
CVE-2022-43701

7.8 HIGH

Key Information:

Vendor
Arm Ltd
Status
Arm Compiler 5 (ac5), Arm Compiler For Embedded 6 (ac6), Fast Models (fm), Arm Compiler For Embedded Fusa (acef), Arm Development Studio (ads), Arm Forge (af), Arm Mobile Studio (ams), Ds-5 Development Studio, Fast Models (fm), Gnu Toolchain (gt), Keil Mdk (kmdk), Mbed Studio (ms)
Vendor
CVE Published: 27 July 2023

Summary

This vulnerability affects products from Arm and Intel where insufficient restrictions in the installation directory's file permissions allow attackers to modify files. Consequently, this could lead to the execution of unauthorized and potentially malicious code. It is crucial for users to ensure that file permissions are configured correctly to mitigate such risks and protect their systems from exploitation.

Affected Version(s)

Products: Arm Compiler 5 (AC5), Arm Compiler for Embedded 6 (AC6), Fast Models (FM), Arm Compiler for Embedded FuSA (ACEF), Arm Development Studio (ADS), Arm Forge (AF), Arm Mobile Studio (AMS), DS-5 Development Studio, Fast Models (FM), GNU Toolchain (GT), Keil MDK (KMDK), Mbed Studio (MS)

Versions: AC5 All Releases, AC6 Releases prior to 6.20, ACEF All Releases, ADS All Releases, AF Releases prior to 22.1, AMS All releases, DS5 All Releases, FM All Releases, GT All Releases, KMDK All Releases, MS All Releases

CVSS V3.1

Score: 7.8
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Local
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

FalconCorruption
Intel