CVE-2022-38699

Armoury Crate Service’s logging function has insufficient validation to check if the log file is a symbolic link. A physical attacker with general user privilege can modify the log file property to a symbolic link that points to arbitrary system file, causing the logging function to overwrite the system file and disrupt the system.

CVSS v3 5.9 MEDIUM

5.9^/10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 0.7 / Impact : 5.2

Attack Vector PHYSICAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://www.twcert.org.tw/tw/cp-132-6522-4eacb-1.html	Third Party Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:asus:armoury_crate_service:*:*:*:*:*:*:*:*

History

No history.

Information

Published : 2022-09-28 04:15

Updated : 2022-09-30 13:01

NVD link : CVE-2022-38699

Mitre link : CVE-2022-38699

CVE.ORG link : CVE-2022-38699

JSON object : View

Products Affected

asus

armoury_crate_service

CWE

CWE-59

Improper Link Resolution Before File Access ('Link Following')

{"id": "CVE-2022-38699", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "twcert@cert.org.tw", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.9, "attackVector": "PHYSICAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}, "impactScore": 5.2, "exploitabilityScore": 0.7}]}, "published": "2022-09-28T04:15:13.857", "references": [{"url": "https://www.twcert.org.tw/tw/cp-132-6522-4eacb-1.html", "tags": ["Third Party Advisory"], "source": "twcert@cert.org.tw"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-59"}]}, {"type": "Secondary", "source": "twcert@cert.org.tw", "description": [{"lang": "en", "value": "CWE-59"}]}], "descriptions": [{"lang": "en", "value": "Armoury Crate Service\u2019s logging function has insufficient validation to check if the log file is a symbolic link. A physical attacker with general user privilege can modify the log file property to a symbolic link that points to arbitrary system file, causing the logging function to overwrite the system file and disrupt the system."}, {"lang": "es", "value": "La funci\u00f3n logging de Armoury Crate Service presenta una comprobaci\u00f3n insuficiente para comprobar si el archivo de registro es un enlace simb\u00f3lico. Un atacante f\u00edsico con privilegio de usuario general puede modificar la propiedad del archivo de registro a un enlace simb\u00f3lico que apunte a un archivo de sistema arbitrario, causando que la funci\u00f3n de registro sobrescriba el archivo de sistema y perturbe el sistema"}], "lastModified": "2022-09-30T13:01:18.967", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:asus:armoury_crate_service:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1A350A1C-4322-4A32-8621-0B4D56A4EE05", "versionEndExcluding": "5.2.10.0"}], "operator": "OR"}]}], "sourceIdentifier": "twcert@cert.org.tw"}

5.9 /10