Vulnerabilities (CVE)

Filtered by vendor Asus Subscribe
Filtered by product Armoury Crate Service
Total 1 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2022-38699 1 Asus 1 Armoury Crate Service 2024-11-21 N/A 5.9 MEDIUM
Armoury Crate Service’s logging function has insufficient validation to check if the log file is a symbolic link. A physical attacker with general user privilege can modify the log file property to a symbolic link that points to arbitrary system file, causing the logging function to overwrite the system file and disrupt the system.