Vulnerability Details CVE-2022-38699
Armoury Crate Service’s logging function has insufficient validation to check if the log file is a symbolic link. A physical attacker with general user privilege can modify the log file property to a symbolic link that points to arbitrary system file, causing the logging function to overwrite the system file and disrupt the system.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.0
EPSS Ranking 10.5%
CVSS Severity
CVSS v3 Score 5.9
References
Products affected by CVE-2022-38699
-
cpe:2.3:a:asus:armoury_crate_service:-
-
cpe:2.3:a:asus:armoury_crate_service:5.1.5.0