CVE-2022-22262 HIGH

CVE-2022-22262: ASUS Armoury Crate & Aura Creator Installer's ROG Live Service - Improper Link Resolution Before File Access

Vendor Asus
Product Armoury Crate & Aura Creator Installer (ROG Live Service)
Weakness CWE-59
Published March 1, 2022
Last update September 17, 2024

CVSS base score

7.7/10
Attack vector Local
Attack complexity Low
Privileges required None
User interaction None
Confidentiality None
Integrity High

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H

What the vulnerability does

01 Description

ROG Live Service's function for deleting temp files created by installation has an improper link resolution before file access vulnerability. Because this function does not validate the path before deletion, an unauthenticated local attacker can create an unexpected symbolic link to a system file path, causing arbitrary system files to be deleted and disrupting system services.

Key dates

02 Disclosure timeline

March 1, 2022 CVE published
September 17, 2024 Record updated

Related vulnerabilities

04 Related CVE