CVE-2022-48226

HIGH

Acuant AcuFill SDK < 10.22.02.03 - Privilege Escalation via Temp Directory EXE Execution

Title source: llm

Description

An issue was discovered in Acuant AcuFill SDK before 10.22.02.03. During installation, an EXE gets executed out of C:\Windows\Temp. A standard user can create the path file ahead of time and obtain elevated code execution. Permissions need to be modified to prevent manipulation.

References (2)

Core 2

Core References

Not Applicable

https://acuant.com

Third Party Advisory

https://hackandpwn.com/disclosures/CVE-2022-48226.pdf

Scores

CVSS v3 7.8

EPSS 0.0018

EPSS Percentile 7.9%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact total

Details

CWE

CWE-269

Status published

Products (1)

gbgplc/acuant_acufill_sdk < 10.22.02.03

Published Apr 04, 2023

Tracked Since Feb 18, 2026