CVE-2022-43310

An Uncontrolled Search Path Element in Foxit Software released Foxit Reader v11.2.118.51569 allows attackers to escalate privileges when searching for DLL libraries without specifying an absolute path.

CVSS v3 7.8 HIGH

7.8^/10

CVSS v3 : HIGH

Vector :

Exploitability : 1.8 / Impact : 5.9

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required NONE

User Interaction REQUIRED

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://github.com/hxxt9049/futing	Third Party Advisory
https://www.foxitsoftware.cn/support/security-bulletins.html	Vendor Advisory
https://www.foxitsoftware.com/support/security-bulletins.php	Not Applicable Vendor Advisory
https://github.com/hxxt9049/futing	Third Party Advisory
https://www.foxitsoftware.cn/support/security-bulletins.html	Vendor Advisory
https://www.foxitsoftware.com/support/security-bulletins.php	Not Applicable Vendor Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:foxitsoftware:foxit_reader:*:*:*:*:*:*:*:*

History

21 Nov 2024, 07:26

Type	Values Removed	Values Added
References	~~() https://github.com/hxxt9049/futing - Third Party Advisory~~	() https://github.com/hxxt9049/futing - Third Party Advisory
References	~~() https://www.foxitsoftware.cn/support/security-bulletins.html - Vendor Advisory~~	() https://www.foxitsoftware.cn/support/security-bulletins.html - Vendor Advisory
References	~~() https://www.foxitsoftware.com/support/security-bulletins.php - Not Applicable, Vendor Advisory~~	() https://www.foxitsoftware.com/support/security-bulletins.php - Not Applicable, Vendor Advisory

Information

Published : 2022-11-09 21:15

Updated : 2024-11-21 07:26

NVD link : CVE-2022-43310

Mitre link : CVE-2022-43310

CVE.ORG link : CVE-2022-43310

JSON object : View

Products Affected

foxitsoftware

foxit_reader

CWE

CWE-427

Uncontrolled Search Path Element

{"id": "CVE-2022-43310", "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.8, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 1.8}]}, "published": "2022-11-09T21:15:17.867", "references": [{"url": "https://github.com/hxxt9049/futing", "tags": ["Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://www.foxitsoftware.cn/support/security-bulletins.html", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "https://www.foxitsoftware.com/support/security-bulletins.php", "tags": ["Not Applicable", "Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "https://github.com/hxxt9049/futing", "tags": ["Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://www.foxitsoftware.cn/support/security-bulletins.html", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://www.foxitsoftware.com/support/security-bulletins.php", "tags": ["Not Applicable", "Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-427"}]}], "descriptions": [{"lang": "en", "value": "An Uncontrolled Search Path Element in Foxit Software released Foxit Reader v11.2.118.51569 allows attackers to escalate privileges when searching for DLL libraries without specifying an absolute path."}, {"lang": "es", "value": "Un elemento no controlado en la ruta de b\u00fasqueda en Foxit Software lanzado en Foxit Reader v11.2.118.51569 permite a los atacantes escalar privilegios al buscar librer\u00edas DLL sin especificar una ruta absoluta"}], "lastModified": "2024-11-21T07:26:15.830", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:foxitsoftware:foxit_reader:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "94FA04B4-9AEF-42CF-BC2D-A1E524100E19", "versionEndExcluding": "11.2.118.51569"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}