CVE-2022-25090

Published
View on NVD ↗
CVSS v3
8.1
HIGH
CVSS v2
9.3
HIGH
Affected
1
PROJECT

Description

Printix Secure Cloud Print Management through 1.3.1106.0 creates a temporary temp.ini file in a directory with insecure permissions, leading to privilege escalation because of a race condition.

ComparedArray/printix-CVE-2022-25090
ComparedArray/printix-CVE-2022-25090
A "Creation of Temporary Files in Directory with Insecure Permissions" vulnerability in PrintixService.exe, in Printix's "Printix Secure Cloud Print Management", Version 1.3.1106.0 and below allows any logged in user to elevate any executable or file to the SYSTEM context. This is achieved by exploiting race conditions in the Installer.
GitHubGitHub
4