CVE-2022-50918

Sažetak

VIVE Runtime Service 1.0.0.4 contains an unquoted service path vulnerability that allows local users to execute arbitrary code with elevated system privileges. Attackers can exploit the unquoted binary path by placing malicious executables in specific system directories to gain LocalSystem access during service startup.

Reference

https://developer.vive.com/resources/downloads/
https://www.exploit-db.com/exploits/50824
https://www.vive.com/
https://www.vulncheck.com/advisories/vive-runtime-service-viveagentservice-unquoted-service-path

CVSS

Base:	8.4
Impact:	5.9
Exploitability:	2.5

Pristup

Vektor	Složenost	Autentikacija
LOCAL	LOW	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
HIGH	HIGH	HIGH

CVSS vektor

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Zadnje važnije ažuriranje

13-01-2026 - 23:15

Objavljeno

13-01-2026 - 23:15