CVE-2022-43702: Incomplete verification of installation file signature
First published: Thu Jul 27 2023(Updated: )
When the directory containing the installer does not have sufficiently restrictive file permissions, an attacker can modify (or replace) the installer to execute malicious code.
Credit: arm-security@arm.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Arm | >=5.00<=5.06 | |
| Arm | >=6.00<6.18 | |
| ARM Compiler for Embedded FUSAs | =6.16 | |
| ARM Compiler for Functional Safety | >=6.6<6.6.5 | |
| ARM Development Studio | ||
| ARM Development Studio | >=5.0.0<=5.29.3 | |
| ARM Fast Models | ||
| >=5.00<=5.06 | ||
| >=6.00<6.18 | ||
| =6.16 | ||
| >=6.6<6.6.5 | ||
| >=5.0.0<=5.29.3 | ||
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is vulnerability CVE-2022-43702?
Vulnerability CVE-2022-43702 occurs when the directory containing the installer has insufficient file permissions, allowing an attacker to modify or replace the installer to execute malicious code.
What is the severity level of CVE-2022-43702?
The severity level of CVE-2022-43702 is high, with a CVSS score of 7.8.
Which software packages are affected by CVE-2022-43702?
The affected software packages include Arm Arm Compiler (versions 5.00 to 5.06 and versions 6.00 to 6.18), Arm Arm Compiler for Embedded Fusa (version 6.16), Arm Arm Compiler for Functional Safety (versions 6.6 to 6.6.5), Arm Arm Development Studio, Arm DS Development Studio (versions 5.0.0 to 5.29.3), and Arm Fast Models.
How can I fix CVE-2022-43702?
To fix CVE-2022-43702, ensure that the directory containing the installer has appropriate file permissions that prevent unauthorized modification or replacement of the installer.
Where can I find more information about CVE-2022-43702?
More information about vulnerability CVE-2022-43702 can be found at: https://developer.arm.com/documentation/ka005596/latest
- collector/nvd-latest
- agent/author
- agent/weakness
- agent/type
- agent/severity
- agent/references
- agent/title
- agent/event
- agent/description
- agent/first-publish-date
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/source
- collector/nvd-index
- agent/software-canonical-lookup-request
- agent/softwarecombine
- agent/tags
- collector/nvd-api
- source/NVD
- vendor/arm
- canonical/arm
- version/arm/5.00
- version/arm/5.06
- version/arm/6.00
- canonical/arm compiler for embedded fusas
- version/arm compiler for embedded fusas/6.16
- canonical/arm compiler for functional safety
- version/arm compiler for functional safety/6.6
- canonical/arm development studio
- version/arm development studio/5.0.0
- version/arm development studio/5.29.3
- canonical/arm fast models