CVE-2022-43701: Insecure directory permissions on installer files
First published: Thu Jul 27 2023(Updated: )
When the installation directory does not have sufficiently restrictive file permissions, an attacker can modify files in the installation directory to cause execution of malicious code.
Credit: arm-security@arm.com arm-security@arm.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Arm Arm Compiler | >=5.00<=5.06 | |
| Arm Arm Compiler | >=6.00<6.20 | |
| Arm Arm Compiler For Embedded Fusa | =6.16 | |
| Arm Arm Compiler For Functional Safety | =6.6 | |
| Arm Arm Development Studio | ||
| Arm Arm Mobile Studio | ||
| Arm Ds Development Studio | >=5.0.0<=5.29.3 | |
| Arm Fast Models | ||
| Arm Gnu Toolchain | ||
| Arm Keil Mdk | ||
| Arm Linaro Forge | <22.1 | |
| Arm Mbed Studio |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2022-43701?
CVE-2022-43701 is a vulnerability that occurs when the installation directory does not have sufficiently restrictive file permissions, allowing an attacker to modify files and execute malicious code.
Which software is affected by CVE-2022-43701?
The Arm Arm Compiler versions 5.00 to 5.06, Arm Arm Compiler versions 6.00 to 6.20, Arm Arm Compiler For Embedded Fusa version 6.16, Arm Arm Compiler For Functional Safety version 6.6, Arm Arm Development Studio, Arm Arm Mobile Studio, Arm Ds Development Studio versions 5.0.0 to 5.29.3, Arm Fast Models, Arm Gnu Toolchain, Arm Keil Mdk, Arm Linaro Forge versions up to 22.1, and Arm Mbed Studio are affected by CVE-2022-43701.
What is the severity of CVE-2022-43701?
CVE-2022-43701 has a severity rating of 7.8 (high).
How does CVE-2022-43701 impact security?
CVE-2022-43701 can allow an attacker to modify files in the installation directory and execute malicious code, potentially compromising the security of the affected software.
How can I mitigate CVE-2022-43701?
To mitigate CVE-2022-43701, ensure that the installation directory has sufficiently restrictive file permissions to prevent unauthorized modification of files.
- collector/nvd-latest
- collector/nvd-index
- agent/author
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- agent/severity
- agent/references
- agent/last-modified-date
- agent/weakness
- agent/title
- agent/tags
- agent/event
- agent/description
- agent/first-publish-date
- vendor/arm
- canonical/arm arm compiler
- version/arm arm compiler/5.00
- version/arm arm compiler/5.06
- version/arm arm compiler/6.00
- canonical/arm arm compiler for embedded fusa
- version/arm arm compiler for embedded fusa/6.16
- canonical/arm arm compiler for functional safety
- version/arm arm compiler for functional safety/6.6
- canonical/arm arm development studio
- canonical/arm arm mobile studio
- canonical/arm ds development studio
- version/arm ds development studio/5.0.0
- version/arm ds development studio/5.29.3
- canonical/arm fast models
- canonical/arm gnu toolchain
- canonical/arm keil mdk
- canonical/arm linaro forge
- canonical/arm mbed studio