CVE-2022-38699 - CERT CVE
ID CVE-2022-38699
Sažetak Armoury Crate Service’s logging function has insufficient validation to check if the log file is a symbolic link. A physical attacker with general user privilege can modify the log file property to a symbolic link that points to arbitrary system file, causing the logging function to overwrite the system file and disrupt the system.
Reference
CVSS
Base: 5.9
Impact: 5.2
Exploitability:0.7
Pristup
VektorSloženostAutentikacija
PHYSICAL LOW -
Impact
PovjerljivostCjelovitostDostupnost
NONE HIGH HIGH
CVSS vektor CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H
Zadnje važnije ažuriranje 30-09-2022 - 13:01
Objavljeno 28-09-2022 - 04:15