cvedb.io
CVE-2022-38699
MEDIUM · CVSS 5.9
EPSS exploitation probability: 0%
Published 2022-09-28T04:15:13.857 · Last modified 2026-06-17T04:57:02.853

Summary

Armoury Crate Service’s logging function has insufficient validation to check if the log file is a symbolic link. A physical attacker with general user privilege can modify the log file property to a symbolic link that points to arbitrary system file, causing the logging function to overwrite the system file and disrupt the system.

Affected products

asus — armoury_crate_service

Does this affect you?

Add your gear to cvedb and we'll alert you only when asus ships something exploited.

Check my exposure →

References

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.