Lucene search

ZyxelCVELIST:CVE-2022-0556

HistoryApr 11, 2022 - 11:50 a.m.

CVE-2022-0556

2022-04-1111:50:16

CWE-269

Zyxel

www.cve.org

cve-2022-0556

zyxel

zac

local privilege escalation

incorrect permission assignment

arbitrary code execution

local administrator

CVSS3

7.3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H

EPSS

Percentile

15.9%

JSON

A local privilege escalation vulnerability caused by incorrect permission assignment in some directories of the Zyxel AP Configurator (ZAC) version 1.1.4, which could allow an attacker to execute arbitrary code as a local administrator.

CNA Affected

[
  {
    "product": "Zyxel AP Configurator (ZAC)",
    "vendor": "Zyxel",
    "versions": [
      {
        "status": "affected",
        "version": "V1.1.4"
      }
    ]
  }
]

References

www.zyxel.com/support/Zyxel-security-advisory-for-local-privilege-escalation-vulnerability-of-AP-Configurator.shtml

CVSS3

7.3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H

EPSS

Percentile

15.9%

JSON

Related for CVELIST:CVE-2022-0556