Vulnerability Details CVE-2022-23922
WIN-911 2021 R1 and R2 are vulnerable to a permissions misconfiguration that may allow an attacker to locally write files to the Program Announcer directory and elevate permissions whenever the program is executed.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.0
EPSS Ranking 7.4%
CVSS Severity
CVSS v3 Score 5.6
CVSS v2 Score 4.4
References
- https://supportdesk.win911.com/support/solutions/articles/24000074683-win-911-2021-r1-r2-file-permission-vulnerability
- https://www.cisa.gov/uscert/ics/advisories/icsa-22-053-03
- https://supportdesk.win911.com/support/solutions/articles/24000074683-win-911-2021-r1-r2-file-permission-vulnerability
- https://www.cisa.gov/uscert/ics/advisories/icsa-22-053-03
Products affected by CVE-2022-23922
-
cpe:2.3:a:win-911:win-911_2021_r1:5.21.10
-
cpe:2.3:a:win-911:win-911_2021_r2:5.21.17