CVE-2022-24285

HIGH Year: 2022
CVSS v3 Score
7.8
High
CVSS v2 Score
7.2
High
Weakness Type
CWE-287
View all →

Vulnerability Description

Acer Care Center 4.00.30xx before 4.00.3042 contains a local privilege escalation vulnerability. The user process communicates with a service of system authority called ACCsvc through a named pipe. In this case, the Named Pipe is also given Read and Write rights to the general user. In addition, the service program does not verify the user when communicating. A thread may exist with a specific command. When the path of the program to be executed is sent, there is a local privilege escalation in which the service program executes the path with system privileges.

Related Vulnerabilities

CVE-2011-4338

HIGH
CVSS:7.8(High)

Shaman 1.0.9: Users can add the line askforpwd=false to his shaman.conf file, without entering the root password in shaman. The next time shaman is run, root privileges are granted despite the fact th...

CWE-2872011

CVE-2013-5582

HIGH
CVSS:7.8(High)

Ammyy Admin 3.2 and earlier stores the client ID at a fixed memory location, which might make it easier for user-assisted remote attackers to bypass authentication by running a local program that extr...

CWE-2872013

CVE-2014-1867

HIGH
CVSS:7.8(High)

suPHP before 0.7.2 source-highlighting feature allows security bypass which could lead to arbitrary code execution

CWE-2872014

CVE-2014-8347

HIGH
CVSS:7.8(High)

An Authentication Bypass vulnerability exists in the MatchPasswordData function in DBEngine.dll in Filemaker Pro 13.03 and Filemaker Pro Advanced 12.04, which could let a malicious user obtain elevate...

CWE-2872014

CVE-2014-9952

HIGH
CVSS:7.8(High)

In the Secure File System in all Android releases from CAF using the Linux kernel, a capture-replay vulnerability could potentially exist.

CWE-2872014

CVE-2015-8308

HIGH
CVSS:7.8(High)

LXDM before 0.5.2 did not start X server with -auth, which allows local users to bypass authentication with X connections.

CWE-2872015