Details of VAR-202203-0921

ID

VAR-202203-0921

CVE

CVE-2022-22262

TITLE

Asus Rog Live Service Post link vulnerability

Trust: 0.6

sources: CNNVD: CNNVD-202203-005

DESCRIPTION

ROG Live Service’s function for deleting temp files created by installation has an improper link resolution before file access vulnerability. Since this function does not validate the path before deletion, an unauthenticated local attacker can create an unexpected symbolic link to system file path, to delete arbitrary system files and disrupt system service

Trust: 1.08

sources: NVD: CVE-2022-22262 // VULHUB: VHN-410284 // VULMON: CVE-2022-22262

AFFECTED PRODUCTS

vendor:

asus

model:

rog live service

scope:

version:

1.3.3.0

Trust: 1.0

sources: NVD: CVE-2022-22262

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2022-22262
value:	HIGH
Trust: 1.0
twcert@cert.org.tw:	CVE-2022-22262
value:	HIGH
Trust: 1.0
CNNVD:	CNNVD-202203-005
value:	HIGH
Trust: 0.6
VULHUB:	VHN-410284
value:	LOW
Trust: 0.1
VULMON:	CVE-2022-22262
value:	LOW
Trust: 0.1

nvd@nist.gov:	CVE-2022-22262
severity:	LOW
baseScore:	3.6
vectorString:	AV:L/AC:L/AU:N/C:N/I:P/A:P
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	3.9
impactScore:	4.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.1
VULHUB:	VHN-410284
severity:	LOW
baseScore:	3.6
vectorString:	AV:L/AC:L/AU:N/C:N/I:P/A:P
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	3.9
impactScore:	4.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2022-22262
baseSeverity:	HIGH
baseScore:	7.7
vectorString:	CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	2.5
impactScore:	5.2
version:	3.1
Trust: 2.0

sources: VULHUB: VHN-410284 // VULMON: CVE-2022-22262 // CNNVD: CNNVD-202203-005 // NVD: CVE-2022-22262 // NVD: CVE-2022-22262

PROBLEMTYPE DATA

problemtype:

CWE-59

Trust: 1.1

sources: VULHUB: VHN-410284 // NVD: CVE-2022-22262

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202203-005

TYPE

post link

Trust: 0.6

sources: CNNVD: CNNVD-202203-005

PATCH

title:	ROG Live Service Post-link vulnerability fixes	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=185347	Trust: 0.6
title:	CVE-2022-XXXX	url:	https://github.com/AlphabugX/CVE-2022-23305	Trust: 0.1
title:	CVE-2022-XXXX	url:	https://github.com/AlphabugX/CVE-2022-RCE	Trust: 0.1

sources: VULMON: CVE-2022-22262 // CNNVD: CNNVD-202203-005

EXTERNAL IDS

db:	NVD	id:	CVE-2022-22262	Trust: 1.8
db:	CNNVD	id:	CNNVD-202203-005	Trust: 0.6
db:	VULHUB	id:	VHN-410284	Trust: 0.1
db:	VULMON	id:	CVE-2022-22262	Trust: 0.1

sources: VULHUB: VHN-410284 // VULMON: CVE-2022-22262 // CNNVD: CNNVD-202203-005 // NVD: CVE-2022-22262

REFERENCES

url:	https://www.twcert.org.tw/tw/cp-132-5693-f108f-1.html	Trust: 1.8
url:	https://cxsecurity.com/cveshow/cve-2022-22262/	Trust: 0.6
url:	https://cwe.mitre.org/data/definitions/59.html	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1
url:	https://github.com/alphabugx/cve-2022-23305	Trust: 0.1

sources: VULHUB: VHN-410284 // VULMON: CVE-2022-22262 // CNNVD: CNNVD-202203-005 // NVD: CVE-2022-22262

SOURCES

db:	VULHUB	id:	VHN-410284
db:	VULMON	id:	CVE-2022-22262
db:	CNNVD	id:	CNNVD-202203-005
db:	NVD	id:	CVE-2022-22262

LAST UPDATE DATE

2024-11-23T23:07:27.695000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-410284	date:	2022-03-08T00:00:00
db:	VULMON	id:	CVE-2022-22262	date:	2022-03-08T00:00:00
db:	CNNVD	id:	CNNVD-202203-005	date:	2022-03-16T00:00:00
db:	NVD	id:	CVE-2022-22262	date:	2024-11-21T06:46:30.807

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-410284	date:	2022-03-01T00:00:00
db:	VULMON	id:	CVE-2022-22262	date:	2022-03-01T00:00:00
db:	CNNVD	id:	CNNVD-202203-005	date:	2022-03-01T00:00:00
db:	NVD	id:	CVE-2022-22262	date:	2022-03-01T02:15:07.663