Vulnerability Description
When the installation directory does not have sufficiently restrictive file permissions, an attacker can modify files in the installation directory to cause execution of malicious code.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Arm | Arm Compiler | >= 5.00, <= 5.06 |
| Arm | Arm Compiler For Embedded Fusa | 6.16 |
| Arm | Arm Compiler For Functional Safety | 6.6 |
| Arm | Arm Development Studio | All versions |
| Arm | Arm Mobile Studio | All versions |
| Arm | Ds Development Studio | >= 5.0.0, <= 5.29.3 |
| Arm | Fast Models | All versions |
| Arm | Gnu Toolchain | All versions |
| Arm | Keil Mdk | All versions |
| Arm | Linaro Forge | < 22.1 |
| Arm | Mbed Studio | All versions |
Related Weaknesses (CWE)
References
- https://developer.arm.com/documentation/ka005596/latestVendor Advisory
- https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00930.
- https://developer.arm.com/documentation/ka005596/latestVendor Advisory
- https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00930.
FAQ
What is CVE-2022-43701?
CVE-2022-43701 is a vulnerability with a CVSS score of 7.8 (HIGH). When the installation directory does not have sufficiently restrictive file permissions, an attacker can modify files in the installation directory to cause execution of malicious code.
How severe is CVE-2022-43701?
CVE-2022-43701 has been rated HIGH with a CVSS base score of 7.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2022-43701?
Check the references section above for vendor advisories and patch information. Affected products include: Arm Arm Compiler, Arm Arm Compiler For Embedded Fusa, Arm Arm Compiler For Functional Safety, Arm Arm Development Studio, Arm Arm Mobile Studio.