cvedb.io
CVE-2022-48222
HIGH · CVSS 7.8
EPSS exploitation probability: 0%
Published 2023-04-04T16:15:07.143 · Last modified 2026-06-17T05:14:47.637

Summary

An issue was discovered in Acuant AcuFill SDK before 10.22.02.03. During SDK installation, certutil.exe is called by the Acuant installer to install certificates. This window is not hidden, and is running with elevated privileges. A standard user can break out of this window, obtaining a full SYSTEM command prompt window. This results in complete compromise via arbitrary SYSTEM code execution (elevation of privileges).

Affected products

gbgplc — acuant_acufill_sdk

Does this affect you?

Add your gear to cvedb and we'll alert you only when gbgplc ships something exploited.

Check my exposure →

References

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.