Unrated severity · NVD Advisory · Published Apr 4, 2023 · Updated Feb 13, 2025

CVE-2022-48226

Description

An issue was discovered in Acuant AcuFill SDK before 10.22.02.03. During installation, an EXE gets executed out of C:\Windows\Temp. A standard user can create the path file ahead of time and obtain elevated code execution. Permissions need to be modified to prevent manipulation.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Acuant AcuFill SDK before 10.22.02.03 allows a standard user to gain elevated code execution by pre-creating a file in C:\Windows\Temp during installation.

Vulnerability

An issue exists in Acuant AcuFill SDK versions prior to 10.22.02.03. During the installation process, an executable is executed from the C:\Windows\Temp directory. A standard user can pre-create the expected file or directory at that location, allowing them to hijack the execution flow. The vulnerability is present in all versions before the fixed release [1].

Exploitation

An attacker requires local access as a standard user. They can create a file or directory at C:\Windows\Temp that matches the name expected by the installer. When the installation runs, the executable is launched from that attacker-controlled location, running with elevated privileges (typically SYSTEM). No additional user interaction is needed beyond the normal installation process [1].

Impact

Successful exploitation results in arbitrary code execution with elevated privileges, leading to full system compromise. The attacker gains the ability to install programs, modify data, or create new accounts with full user rights. This is a privilege escalation vulnerability [1].

Mitigation

The vulnerability is fixed in Acuant AcuFill SDK version 10.22.02.03. Users should update to this version or later. If immediate patching is not possible, restrict standard user write access to C:\Windows\Temp as a workaround, though this may affect other applications. The vendor (GBG/Acuant) has released the fix; no CISA KEV listing is currently available [1].

AI Insight generated on May 25, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
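
Detection logic for the pattern described above, added here as an example and not taken from the advisory or the vendor: it correlates path-creation and process-start events to flag a SYSTEM launch out of C:\Windows\Temp where the executable, or a directory above it, was last created by a standard user. The event schema, account names and file names are constructed for illustration; the installer's real file name is not given on this page.

```python
import ntpath

STAGING_DIR = ntpath.normcase(r"C:\Windows\Temp")
PRIVILEGED = {r"nt authority\system"}  # assumption: the installer runs as SYSTEM

def norm(path):
    # Fold case, slash direction and ".." so path variants compare equal.
    return ntpath.normcase(ntpath.normpath(path))

def staged_paths(path):
    """Yield the path and each parent directory that lies below STAGING_DIR."""
    p = norm(path)
    while p.startswith(STAGING_DIR + "\\"):
        yield p
        p = ntpath.dirname(p)

def find_planted_executions(events):
    """Flag privileged launches whose image path a standard user created first."""
    creators, findings = {}, []
    for ev in sorted(events, key=lambda e: e["time"]):
        privileged = ev["user"].lower() in PRIVILEGED
        if ev["type"] == "path_create":
            # Last writer wins: an installer overwrite replaces a planted file,
            # but a pre-created directory keeps its original creator.
            creators[norm(ev["path"])] = (ev["user"], privileged)
        elif ev["type"] == "process_start" and privileged:
            for p in staged_paths(ev["path"]):
                user, trusted = creators.get(p, (None, True))
                if not trusted:
                    findings.append({"time": ev["time"], "image": norm(ev["path"]),
                                     "planted_path": p, "planted_by": user})
                    break
    return findings

# Constructed events in a simplified schema (not a real log export).
SYSTEM = r"NT AUTHORITY\SYSTEM"
EVENTS = [
    {"time": "2024-01-01T10:00:00", "type": "path_create", "user": r"CORP\alice", "path": r"C:\Windows\Temp\placeholder_setup.exe"},
    {"time": "2024-01-01T10:05:00", "type": "process_start", "user": SYSTEM, "path": r"C:\Windows\Temp\placeholder_setup.exe"},
    {"time": "2024-01-01T11:00:00", "type": "path_create", "user": r"CORP\bob", "path": r"C:\Windows\Temp\stage"},
    {"time": "2024-01-01T11:01:00", "type": "path_create", "user": SYSTEM, "path": r"C:\Windows\Temp\stage\helper.exe"},
    {"time": "2024-01-01T11:02:00", "type": "process_start", "user": SYSTEM, "path": "C:/Windows/TEMP/stage/helper.exe"},
    {"time": "2024-01-01T12:00:00", "type": "path_create", "user": SYSTEM, "path": r"C:\Windows\Temp\clean.exe"},
    {"time": "2024-01-01T12:01:00", "type": "process_start", "user": SYSTEM, "path": r"C:\Windows\Temp\clean.exe"},
    {"time": "2024-01-01T12:02:00", "type": "process_start", "user": SYSTEM, "path": r"C:\Windows\Temp\..\System32\svchost.exe"},
]

if __name__ == "__main__":
    for finding in find_planted_executions(EVENTS):
        print(finding)
```

The directory case matters because a file written by the installer into a folder that a standard user created still sits under that user's control of the folder.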

Affected products

2

References

2
