Strix
26.1K

CVE-2022-43701

HIGHCVSS 7.8/10EPSS 0.17%

Last modified

CVE-2022-43701 is a high-severity vulnerability rated 7.8/10 on the CVSS scale. When the installation directory does not have sufficiently restrictive file permissions, an attacker can modify files in the installation directory to cause execution of malicious code.. EPSS estimates a 0.17% chance of exploitation in the next 30 days.

Description

When the installation directory does not have sufficiently restrictive file permissions, an attacker can modify files in the installation directory to cause execution of malicious code.

Metrics

CVSS 3.1
7.8/10

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS Probability
0.17%

6.9th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

Affected Software

VendorProductVersions
ArmArm Compiler>= 5.00, <= 5.06
ArmArm Compiler>= 6.00, < 6.20
ArmArm Compiler For Embedded Fusa6.16
ArmArm Compiler For Functional Safety6.6
ArmArm Development StudioAll versions
ArmArm Mobile StudioAll versions
ArmDs Development Studio>= 5.0.0, <= 5.29.3
ArmFast ModelsAll versions
ArmGnu ToolchainAll versions
ArmKeil MdkAll versions
ArmLinaro Forge< 22.1
ArmMbed StudioAll versions

References

Timeline

Published
Last Modified
Status
Modified

Frequently Asked Questions

What is CVE-2022-43701?
When the installation directory does not have sufficiently restrictive file permissions, an attacker can modify files in the installation directory to cause execution of malicious code.
How severe is CVE-2022-43701?
CVE-2022-43701 has a CVSS score of 7.8/10 (HIGH severity). The EPSS model estimates a 0.17% probability of exploitation in the next 30 days.
How do I fix CVE-2022-43701?
Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2022-43701?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST