CVE-2022-43702

HIGH

ARM Compiler 5.00-5.06 and ARM Compiler for Functional Safety 6.6-6.6.5 - Improper Access Control in Installer Directory

Title source: llm

Description

When the directory containing the installer does not have sufficiently restrictive file permissions, an attacker can modify (or replace) the installer to execute malicious code.

References (2)

Core 2

Core References

Vendor Advisory

https://developer.arm.com/documentation/ka005596/latest

Vendor Advisory

https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00930.html

Scores

CVSS v3 7.8

EPSS 0.0004

EPSS Percentile 13.9%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact total

Details

CWE

CWE-284 CWE-276

Status published

Products (6)

arm/arm_compiler 5.00 - 5.06

arm/arm_compiler_for_embedded_fusa 6.16

arm/arm_compiler_for_functional_safety 6.6 - 6.6.5

arm/arm_development_studio

arm/ds_development_studio 5.0.0 - 5.29.3

arm/fast_models

Published Jul 27, 2023

Tracked Since Feb 18, 2026