Vulnerability Description
When the directory containing the installer does not have sufficiently restrictive file permissions, an attacker can modify (or replace) the installer to execute malicious code.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Arm | Arm Compiler | >= 5.00, <= 5.06 |
| Arm | Arm Compiler For Embedded Fusa | 6.16 |
| Arm | Arm Compiler For Functional Safety | >= 6.6, < 6.6.5 |
| Arm | Arm Development Studio | All versions |
| Arm | Ds Development Studio | >= 5.0.0, <= 5.29.3 |
| Arm | Fast Models | All versions |
Related Weaknesses (CWE)
References
- https://developer.arm.com/documentation/ka005596/latestVendor Advisory
- https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00930.
- https://developer.arm.com/documentation/ka005596/latestVendor Advisory
- https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00930.
FAQ
What is CVE-2022-43702?
CVE-2022-43702 is a vulnerability with a CVSS score of 7.8 (HIGH). When the directory containing the installer does not have sufficiently restrictive file permissions, an attacker can modify (or replace) the installer to execute malicious code.
How severe is CVE-2022-43702?
CVE-2022-43702 has been rated HIGH with a CVSS base score of 7.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2022-43702?
Check the references section above for vendor advisories and patch information. Affected products include: Arm Arm Compiler, Arm Arm Compiler For Embedded Fusa, Arm Arm Compiler For Functional Safety, Arm Arm Development Studio, Arm Ds Development Studio.