CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2022-48226
https://notcve.org/view.php?id=CVE-2022-48226
An issue was discovered in Acuant AcuFill SDK before 10.22.02.03. During installation, an EXE gets executed out of C:\Windows\Temp. A standard user can create the path file ahead of time and obtain elevated code execution. Permissions need to be modified to prevent manipulation. • https://acuant.com https://hackandpwn.com/disclosures/CVE-2022-48226.pdf • CWE-269: Improper Privilege Management •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2022-48227
https://notcve.org/view.php?id=CVE-2022-48227
An issue was discovered in Acuant AsureID Sentinel before 5.2.149. It allows elevation of privileges because it opens Notepad after the installation of AssureID, Identify x64, and Identify x86, aka CORE-7361. • https://acuant.com https://hackandpwn.com/disclosures/CVE-2022-48227.pdf • CWE-269: Improper Privilege Management •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2022-48228
https://notcve.org/view.php?id=CVE-2022-48228
An issue was discovered in Acuant AsureID Sentinel before 5.2.149. It uses the root of the C: drive for the i-Dentify and Sentinel Installer log files, aka CORE-7362. • https://acuant.com https://hackandpwn.com/disclosures/CVE-2022-48228.pdf • CWE-532: Insertion of Sensitive Information into Log File •