Security Advisory

CVE-2022-38699

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2022-09-28 03:25:34

Last updated 2025-05-21 14:54:16

Assigner twcert

State PUBLISHED

Description

Armoury Crate Service’s logging function has insufficient validation to check if the log file is a symbolic link. A physical attacker with general user privilege can modify the log file property to a symbolic link that points to arbitrary system file, causing the logging function to overwrite the system file and disrupt the system.

← Browse all CVEs View on cve.org ↗