CVE-2022-24138
Last modified
CVE-2022-24138 is a high-severity vulnerability rated 7.8/10 on the CVSS scale. IOBit Advanced System Care (Asc.exe) 15 and Action Download Center both download components of the IOBit suite into the ProgramData folder, which has "rwx" permissions for unprivileged users. A low-privilege user can use SetOpLock to wait for CreateProcess and switch the genuine component with a malicious executable, thus gaining code execution as a high-privilege user (Low Privilege -> high integrity ADMIN). EPSS estimates a 0.50% chance of exploitation in the next 30 days.
Description
IOBit Advanced System Care (Asc.exe) 15 and Action Download Center both download components of the IOBit suite into the ProgramData folder, which has "rwx" permissions for unprivileged users. A low-privilege user can use SetOpLock to wait for CreateProcess and switch the genuine component with a malicious executable, thus gaining code execution as a high-privilege user (Low Privilege -> high integrity ADMIN).
Metrics
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Iobit | Advanced Systemcare | 15 |
References
- http://advanced.com (Not Applicable)
- http://iobit.com (Vendor Advisory)
- https://github.com/tomerpeled92/CVE/ (Third Party Advisory)
Timeline
- Published
- Last Modified
- Status
- Modified
Source: NVD / NIST
