Incomplete verification of installation file signature
CVE-2022-43702

7.8HIGH

Key Information:

Vendor: Arm Ltd
Status: Arm Compiler 5 (ac5), Arm Compiler For Embedded 6 (ac6), Fast Models (fm), Arm Compiler For Embedded Fusa (acef), Arm Development Studio (ads), Arm Forge (af), Arm Mobile Studio (ams), Ds-5 Development Studio, Fast Models (fm), Gnu Toolchain (gt), Keil Mdk (kmdk), Mbed Studio (ms)
Vendor: CVE Published:; 27 July 2023

Summary

A vulnerability exists in the ARM Installer when the directory containing the installer is not secured with appropriate file permissions. This insufficient restriction allows an attacker to modify or replace the installer, potentially executing malicious code within the system. Proper configurations and regular updates are critical to mitigate the risks associated with this vulnerability.

Affected Version(s)

Arm Compiler 5 (AC5), Arm Compiler for Embedded 6 (AC6), Fast Models (FM), Arm Compiler for Embedded FuSA (ACEF), Arm Development Studio (ADS), Arm Forge (AF), Arm Mobile Studio (AMS), DS-5 Development Studio, Fast Models (FM), GNU Toolchain (GT), Keil MDK (KMDK), Mbed Studio (MS) AC5 All Releases, AC6 Releases prior to 6.20, ACEF All Releases, ADS All Releases, AF Releases prior to 22.1, AMS All releases, DS5 All Releases, FM All Releases, GT All Releases, KMDK All Releases, MS All Releases

References

https://developer.arm.com/documentation/ka005596/latest

https://www.intel.com/content/www/us/en/security-center/a...

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jul 27, 2023
Vulnerability Reserved
Oct 24, 2022

Credit

FalconCorruption

Intel