CVE-2022-48224

7.3 HIGH

📋 TL;DR

This vulnerability allows standard users to replace files in the Acuant AcuFill SDK installation directory due to insecure permissions. When these files are executed with elevated privileges, attackers can achieve arbitrary code execution and privilege escalation. Organizations using affected versions of AcuFill SDK are at risk.

💻 Affected Systems

Products:
  • Acuant AcuFill SDK
Versions: All versions before 10.22.02.03
Operating Systems: Windows (based on Program Files directory reference)
Default Config Vulnerable: ⚠️ Yes
Notes: Requires AcuFill SDK to be installed with default permissions in Program Files directory.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete system compromise where an attacker gains administrative privileges, installs persistent malware, accesses sensitive data, and moves laterally across the network.

🟠 Likely Case

Local privilege escalation allowing attackers to bypass security controls, install unauthorized software, or access restricted resources on the affected system.

🟢 If Mitigated

Limited impact when proper access controls and monitoring are in place; file modification attempts may be detected.

🌐 Internet-Facing: LOW - This is primarily a local privilege escalation vulnerability requiring local access to the system.
🏢 Internal Only: HIGH - Standard users on affected systems can exploit this to gain administrative privileges, posing significant internal security risks.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires local user access but is straightforward - attackers simply need to replace files in the vulnerable directory.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 10.22.02.03 and later

Vendor Advisory: https://acuant.com

Restart Required: Yes

Instructions:

1. Download AcuFill SDK version 10.22.02.03 or later from Acuant.
2. Uninstall previous versions.
3. Install the updated version.
4. Restart affected systems.

🔧 Temporary Workarounds

Restrict directory permissions

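Manually adjust permissions on the AcuFill SDK installation directory to prevent write access by standard users. An explicit deny entry takes precedence over allow entries and applies to every account whose token includes the Users group, which normally includes administrators.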

icacls "C:\Program Files\Acuant\AcuFill SDK" /deny Users:(OI)(CI)W

🧯 If You Can't Patch

  • Implement strict access controls and monitoring on the AcuFill SDK installation directory
  • Limit standard user access to systems with AcuFill SDK installed

🔍 How to Verify

Check if Vulnerable:

Check the AcuFill SDK version and verify whether the installation directory (typically C:\Program Files\Acuant\AcuFill SDK) grants write permissions to standard users.

Check Version:

Check AcuFill SDK version through installed programs list or application interface.

Verify Fix Applied:

Verify that the AcuFill SDK version is 10.22.02.03 or later and that the installation directory permissions restrict write access for standard users.

📡 Detection & Monitoring

Log Indicators:

  • File modification events in AcuFill SDK directory by standard users
  • Unexpected privilege escalation events

Network Indicators:

  • Unusual outbound connections from systems with AcuFill SDK

SIEM Query:

EventID=4663 AND ObjectName LIKE '%Acuant%AcuFill SDK%' AND SubjectUserName NOT IN (admin_users)
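
The query above matches any audited access in the directory, reads included if the SACL audits them. The following Python is an added example, not part of the original page or any vendor tooling: it narrows the same logic to write-type access masks and to paths strictly under the install directory. It assumes File System auditing and a SACL on the directory so that 4663 events exist; the allowlist, the event() helper and the sample events are constructed for illustration.

```python
"""Added example, not from the advisory: triage 4663 events for writes under the SDK dir."""
import ntpath

INSTALL_DIR = r"C:\Program Files\Acuant\AcuFill SDK"  # path as given on this page
ADMIN_USERS = {"system", "svc_deploy"}  # assumption: site allowlist, lower-case names

# Access-mask bits that change content, delete, or alter the ACL/owner.
# On a directory, 0x2 and 0x4 mean "add file" and "add subdirectory".
WRITE_BITS = {0x2: "WriteData", 0x4: "AppendData", 0x40: "DeleteChild",
              0x10000: "DELETE", 0x40000: "WRITE_DAC", 0x80000: "WRITE_OWNER"}

def under_install_dir(object_name):
    """True for the install directory or anything below it (case-insensitive)."""
    path = ntpath.normcase(ntpath.normpath(object_name))
    root = ntpath.normcase(ntpath.normpath(INSTALL_DIR))
    return path == root or path.startswith(root + "\\")

def suspicious_writes(events):
    """Return (user, path, rights) for write-type accesses by non-allowlisted users."""
    hits = []
    for ev in events:
        if ev.get("EventID") != 4663 or not under_install_dir(ev.get("ObjectName", "")):
            continue
        mask = int(ev.get("AccessMask", "0x0"), 16)
        rights = [name for bit, name in WRITE_BITS.items() if mask & bit]
        user = ev.get("SubjectUserName", "")
        if rights and user.lower() not in ADMIN_USERS:
            hits.append((user, ev["ObjectName"], rights))
    return hits

def event(user, mask, path):
    """Build a constructed record using event 4663 field names."""
    return {"EventID": 4663, "SubjectUserName": user, "AccessMask": mask, "ObjectName": path}

# Constructed sample data; users, file names and masks are made up for the example.
SAMPLE_EVENTS = [
    event("jdoe", "0x2", INSTALL_DIR + r"\example.dll"),          # write: flagged
    event("jdoe", "0x1", INSTALL_DIR + r"\example.dll"),          # read only: ignored
    event("SYSTEM", "0x10000", INSTALL_DIR + r"\example.dll"),    # allowlisted account
    event("jdoe", "0x6", INSTALL_DIR + r" Backup\example.dll"),   # sibling directory
    event("asmith", "0x40006", r"c:\program files\acuant\acufill sdk\bin\example.exe"),
]

if __name__ == "__main__":
    for user, path, rights in suspicious_writes(SAMPLE_EVENTS):
        print(f"{user} -> {path}: {', '.join(rights)}")
```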
