CVE-2022-31217

Description

Vulnerabilities in the Drive Composer allow a low privileged attacker to create and write to a file anywhere on the file system as SYSTEM with arbitrary content as long as the file does not already exist. The Drive Composer installer file allows a low-privileged user to run a "repair" operation on the product.

CvssV3 impact

Could not find any metrics

CvssV2 impact

AccessComplexity

LOW

ConfidentialityImpact

COMPLETE

AvailabilityImpact

COMPLETE

IntegrityImpact

COMPLETE

BaseScore

7.199999809265137

VectorString

AV:L/AC:L/Au:N/C:C/I:C/A:C

Version

2.0

AccessVector

LOCAL

Authentication

NONE