What is CVE-2022-24138?

CVE-2022-24138 is a vulnerability in IOBit Advanced System Care (Asc.exe) 15 and Action Download Center that allows low privilege users to switch a genuine component with a malicious one.

What is the severity of CVE-2022-24138?

CVE-2022-24138 has a severity rating of 7.8, which is considered high.

How does CVE-2022-24138 affect IOBit Advanced System Care?

CVE-2022-24138 allows low privilege users to download malicious components into the ProgramData folder of IOBit Advanced System Care.

How can I fix CVE-2022-24138 in IOBit Advanced System Care?

To fix CVE-2022-24138, it is recommended to update IOBit Advanced System Care to a version that addresses the vulnerability.

Where can I find more information about CVE-2022-24138?

You can find more information about CVE-2022-24138 on the official websites of IOBit and Advanced System Care, as well as the GitHub repository provided in the references.

Vulnerability/
CVE-2022-24138

high

7.8

CWE

552

6/7/2022

3/8/2024

CVE-2022-24138

First published: Wed Jul 06 2022(Updated: )

IOBit Advanced System Care (Asc.exe) 15 and Action Download Center both download components of IOBit suite into ProgramData folder, ProgramData folder has "rwx" permissions for unprivileged users. Low privilege users can use SetOpLock to wait for CreateProcess and switch the genuine component with a malicious executable thus gaining code execution as a high privilege user (Low Privilege -> high integrity ADMIN).

Credit: cve@mitre.org

Affected Software	Affected Version	How to fix
Iobit Advanced Systemcare	=15
Iobit Advanced Systemcare	=15

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is CVE-2022-24138?
CVE-2022-24138 is a vulnerability in IOBit Advanced System Care (Asc.exe) 15 and Action Download Center that allows low privilege users to switch a genuine component with a malicious one.
What is the severity of CVE-2022-24138?
CVE-2022-24138 has a severity rating of 7.8, which is considered high.
How does CVE-2022-24138 affect IOBit Advanced System Care?
CVE-2022-24138 allows low privilege users to download malicious components into the ProgramData folder of IOBit Advanced System Care.
How can I fix CVE-2022-24138 in IOBit Advanced System Care?
To fix CVE-2022-24138, it is recommended to update IOBit Advanced System Care to a version that addresses the vulnerability.
Where can I find more information about CVE-2022-24138?
You can find more information about CVE-2022-24138 on the official websites of IOBit and Advanced System Care, as well as the GitHub repository provided in the references.

collector/nvd-index
agent/weakness
agent/references
agent/severity
agent/author
agent/tags
agent/event
agent/type
agent/description
agent/last-modified-date
agent/softwarecombine
agent/first-publish-date
collector/mitre-cve
source/MITRE
vendor/iobit
canonical/iobit advanced systemcare
version/iobit advanced systemcare/15

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.