CVE-2022-48221
https://notcve.org/view.php?id=CVE-2022-48221
An issue was discovered in Acuant AcuFill SDK before 10.22.02.03. Multiple MSIs get executed out of a standard-user writable directory. Through a race condition and OpLock manipulation, these files can be overwritten by a standard user. They then get executed by the elevated installer. This gives a standard user full SYSTEM code execution (elevation of privileges).
• https://acuant.com
• https://hackandpwn.com/disclosures/CVE-2022-48221.pdf
• CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
CVE-2022-48222
https://notcve.org/view.php?id=CVE-2022-48222
An issue was discovered in Acuant AcuFill SDK before 10.22.02.03. During SDK installation, certutil.exe is called by the Acuant installer to install certificates. This window is not hidden, and is running with elevated privileges. A standard user can break out of this window, obtaining a full SYSTEM command prompt window. This results in complete compromise via arbitrary SYSTEM code execution (elevation of privileges).
• https://acuant.com
• https://hackandpwn.com/disclosures/CVE-2022-48222.pdf
• CWE-427: Uncontrolled Search Path Element
CVE-2022-48223
https://notcve.org/view.php?id=CVE-2022-48223
An issue was discovered in Acuant AcuFill SDK before 10.22.02.03. During SDK repair, certutil.exe is called by the Acuant installer to repair certificates. This call is vulnerable to DLL hijacking due to a race condition and insecure permissions on the executing directory.
• https://acuant.com
• https://hackandpwn.com/disclosures/CVE-2022-48223.pdf
• CWE-427: Uncontrolled Search Path Element
CVE-2022-48224
https://notcve.org/view.php?id=CVE-2022-48224
An issue was discovered in Acuant AcuFill SDK before 10.22.02.03. It is installed with insecure permissions (full write access within Program Files). Standard users can replace files within this directory that get executed with elevated privileges, leading to complete arbitrary code execution (elevation of privileges).
• https://acuant.com
• https://hackandpwn.com/disclosures/CVE-2022-48224.pdf
• CWE-427: Uncontrolled Search Path Element
CVE-2022-48225
https://notcve.org/view.php?id=CVE-2022-48225
An issue was discovered in Acuant AcuFill SDK before 10.22.02.03. It is used to install drivers from several different vendors. The Gemalto Document Reader child installation process is vulnerable to DLL hijacking, because it attempts to execute (with elevated privileges) multiple non-existent DLLs out of a non-existent standard-user writable location.
• https://acuant.com
• https://hackandpwn.com/disclosures/CVE-2022-48225.pdf
• CWE-427: Uncontrolled Search Path Element