CVE-2022-43702

Severity CVSS v4.0:
Pending analysis
Type:
CWE-284 Improper Access Control
Publication date:
27/07/2023
Last modified:
13/02/2025

Description

When the directory containing the installer does not have sufficiently restrictive file permissions, an attacker can modify (or replace) the installer to execute malicious code.

Vulnerable products and versions

CPE From Up to
cpe:2.3:a:arm:arm_compiler:*:*:*:*:*:*:*:* 5.00 (including) 5.06 (including)
cpe:2.3:a:arm:arm_compiler:*:*:*:*:*:*:*:* 6.00 (including) 6.18 (excluding)
cpe:2.3:a:arm:arm_compiler_for_embedded_fusa:6.16:*:*:*:lts:*:*:*
cpe:2.3:a:arm:arm_compiler_for_functional_safety:*:*:*:*:*:*:*:* 6.6 (including) 6.6.5 (excluding)
cpe:2.3:a:arm:arm_development_studio:*:*:*:*:*:*:*:*
cpe:2.3:a:arm:ds_development_studio:*:*:*:*:*:*:*:* 5.0.0 (including) 5.29.3 (including)
cpe:2.3:a:arm:fast_models:*:*:*:*:*:*:*:*