CVE-2022-22262: ASUS Armoury Crate & Aura Creator Installer之ROG Live Service - Improper Link Resolution Before File Access
First published: Tue Mar 01 2022(Updated: )
ROG Live Service’s function for deleting temp files created by installation has an improper link resolution before file access vulnerability. Since this function does not validate the path before deletion, an unauthenticated local attacker can create an unexpected symbolic link to system file path, to delete arbitrary system files and disrupt system service.
Credit: twcert@cert.org.tw
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Asus Rog Live Service | <1.3.3.0 |
Remedy
Update ROG Live Service version to 1.3.3.0
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID for this vulnerability?
The vulnerability ID for this vulnerability is CVE-2022-22262.
What is the severity of CVE-2022-22262?
The severity of CVE-2022-22262 is high, with a severity value of 7.7.
What is affected by CVE-2022-22262?
The Asus Rog Live Service version up to and excluding 1.3.3.0 is affected by CVE-2022-22262.
How does CVE-2022-22262 work?
CVE-2022-22262 allows an unauthenticated local attacker to create an unexpected symbolic link to a system file path, leading to improper file access.
Is authentication required to exploit CVE-2022-22262?
No, authentication is not required to exploit CVE-2022-22262 as it can be exploited by an unauthenticated local attacker.
- collector/nvd-index
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/severity
- agent/references
- agent/title
- agent/last-modified-date
- agent/author
- agent/remedy
- agent/weakness
- agent/tags
- agent/event
- agent/first-publish-date
- agent/description
- vendor/asus
- canonical/asus rog live service