CVE-2022-48226

Severity CVSS v4.0:
Pending analysis
Type:
CWE-269 Improper Privilege Management
Publication date:
04/04/2023
Last modified:
13/02/2025

Description

An issue was discovered in Acuant AcuFill SDK before 10.22.02.03. During installation, an EXE gets executed out of C:\Windows\Temp. A standard user can create the path file ahead of time and obtain elevated code execution. Permissions need to be modified to prevent manipulation.

Vulnerable products and versions

CPE From Up to
cpe:2.3:a:gbgplc:acuant_acufill_sdk:*:*:*:*:*:*:*:* 10.22.02.03 (excluding)