CVE-2022-48224
Description
An issue was discovered in Acuant AcuFill SDK before 10.22.02.03. It is installed with insecure permissions (full write access within Program Files). Standard users can replace files within this directory that get executed with elevated privileges, leading to a complete arbitrary code execution (elevation of privileges).
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Acuant AcuFill SDK before 10.22.02.03 installs with insecure full-write permissions in Program Files, allowing standard users to replace files and gain arbitrary code execution with elevated privileges.
Vulnerability
The Acuant AcuFill SDK before version 10.22.02.03 is installed with insecure permissions, granting full write access within the Program Files directory. This misconfiguration allows any standard user to modify or replace files in that directory. The vulnerability is present in the default installation configuration of the SDK, as described in the official advisory. [1]
Exploitation
To exploit this vulnerability, an attacker must have local access as a standard user on the affected system. No additional authentication or special privileges are required. The attacker can simply replace an executable or DLL file in the Acuant AcuFill installation directory (within Program Files) with a malicious payload. When the application or a system service runs the replaced file with elevated privileges, the payload executes in the context of the higher privilege level. The exploitation does not require user interaction beyond the normal startup of the application or system process. [1]
Impact
Successful exploitation results in arbitrary code execution with elevated privileges, effectively granting the attacker complete control over the affected system. This leads to a full compromise of confidentiality, integrity, and availability (CIA triad) at the SYSTEM or administrative privilege level. The attacker can install programs, view, change, or delete data, or create new accounts with full user rights. [1]
Mitigation
The vulnerability is fixed in Acuant AcuFill SDK version 10.22.02.03, released in April 2023. Users should update to this version or later. No workaround is provided in the available references, and the product is not currently listed in the CISA Known Exploited Vulnerabilities (KEV) catalog. Affected installations should apply the latest security update as soon as possible. [1]
AI Insight generated on May 25, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
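The condition described under Vulnerability and Mitigation can be checked directly: do standard users hold write-class rights on the install directory? The following is an added example, not code from the advisory or the vendor. It parses `icacls` output for one directory and reports allow-ACEs that grant such rights to non-admin groups. The directory path, sample outputs and function names are constructed for illustration, and English principal names are assumed.

```python
import re

# Assumption: English principal names; these groups include standard users.
LOW_PRIV = {"everyone", "builtin\\users", "nt authority\\authenticated users",
            "nt authority\\interactive"}
# icacls rights that allow creating, replacing, deleting or re-permissioning files.
WRITE_RIGHTS = {"F", "M", "W", "D", "DE", "DC", "WD", "AD", "WDAC", "WO", "GW", "GA"}
INHERIT_FLAGS = {"OI", "CI", "IO", "NP", "I"}


def parse_aces(path, icacls_output):
    """Parse `icacls <path>` output into (principal, flags, rights, is_deny) tuples."""
    aces = []
    for line in icacls_output.splitlines():
        if line.startswith(path):      # the first ACE shares a line with the path
            line = line[len(path):]
        principal, sep, rest = line.strip().partition(":(")
        if not sep:                    # blank line or the "Successfully processed" trailer
            continue
        groups = re.findall(r"\(([^)]*)\)", "(" + rest)
        flags = {g for g in groups if g in INHERIT_FLAGS}
        rights = {r for g in groups if g not in INHERIT_FLAGS and g != "DENY"
                  for r in g.split(",")}
        aces.append((principal, flags, rights, "DENY" in groups))
    return aces


def standard_user_write_aces(path, icacls_output):
    """Return allow-ACEs that let non-admin principals modify files under path."""
    findings = []
    for principal, flags, rights, is_deny in parse_aces(path, icacls_output):
        risky = rights & WRITE_RIGHTS
        if principal.lower() in LOW_PRIV and risky and not is_deny:
            findings.append((principal, sorted(risky), sorted(flags)))
    return findings


# Constructed samples; the directory name is a placeholder, not the product's real path.
PATH = r"C:\Program Files\ExampleVendor\ExampleSDK"
WEAK = PATH + r""" BUILTIN\Users:(OI)(CI)(F)
    NT AUTHORITY\SYSTEM:(OI)(CI)(F)
    BUILTIN\Administrators:(OI)(CI)(F)
Successfully processed 1 files; Failed processing 0 files"""
HARDENED = PATH + r""" NT AUTHORITY\SYSTEM:(I)(OI)(CI)(F)
    BUILTIN\Administrators:(I)(OI)(CI)(F)
    BUILTIN\Users:(I)(RX)
    BUILTIN\Users:(I)(OI)(CI)(IO)(GR,GE)
    CREATOR OWNER:(I)(OI)(CI)(IO)(F)"""
```

An empty result for the directory does not cover individual files whose ACLs were set explicitly; those need the same check run per file.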
Affected products
- Acuant/AcuFill SDK
- Range: <10.22.02.03
Patches
No patches discovered yet.