Elevated Code Execution Vulnerability in Acuant AcuFill SDK

Elevated Code Execution Vulnerability in Acuant AcuFill SDK

CVE-2022-48226 · HIGH Severity

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

An issue was discovered in Acuant AcuFill SDK before 10.22.02.03. During installation, an EXE gets executed out of C:\Windows\Temp. A standard user can create the path file ahead of time and obtain elevated code execution. Permissions need to be modified to prevent manipulation.

Learn more about our User Device Pen Test.