Overview
- Description
- An issue was discovered in Acuant AcuFill SDK before 10.22.02.03. During SDK repair, certutil.exe is called by the Acuant installer to repair certificates. This call is vulnerable to DLL hijacking due to a race condition and insecure permissions on the executing directory.
- Source
- cve@mitre.org
- NVD status
- Analyzed
Risk scores
CVSS 3.1
- Type
- Primary
- Base score
- 6.7
- Impact score
- 5.9
- Exploitability score
- 0.8
- Vector string
- CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H
- Severity
- MEDIUM
Weaknesses
- nvd@nist.gov
- CWE-427
Social media
- Hype score
- Not currently trending
Configurations
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:gbgplc:acuant_acufill_sdk:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "C982B4DA-273F-4B30-B931-2988851C07A5",
"versionEndExcluding": "10.22.02.03"
}
],
"operator": "OR"
}
]
}
]