How severe is CVE-2022-29549?

This vulnerability has a severity rating of HIGH with a CVSS score of 7.3 out of 10.

What type of vulnerability is CVE-2022-29549?

This is classified as CWE-354, which is a common weakness in software security.

CVE-2022-29549 - HIGH Severity | CVSS 7.3

Vulnerability Description

An issue was discovered in Qualys Cloud Agent 4.8.0-49. It executes programs at various full pathnames without first making ownership and permission checks (e.g., to help ensure that a program was installed by root) and without integrity checks (e.g., a checksum comparison against known legitimate programs). Also, the vendor recommendation is to install this agent software with root privileges. Thus, privilege escalation is possible on systems where any of these pathnames is controlled by a non-root user. An example is /opt/firebird/bin/isql, where the /opt/firebird directory is often owned by the firebird user.

Related Vulnerabilities

CVE-2017-18649

HIGH

CVSS:7.2(High)

An issue was discovered on Samsung mobile devices with N(7.x) software. An attacker can boot a device with root privileges because the bootloader for the Qualcomm MSM8998 chipset lacks an integrity ch...

CWE-3542017

CVE-2021-20709

HIGH

CVSS:7.2(High)

Improper validation of integrity check value vulnerability in NEC Aterm WF1200CR firmware Ver1.3.2 and earlier, Aterm WG1200CR firmware Ver1.3.3 and earlier, and Aterm WG2600HS firmware Ver1.5.1 and e...

CWE-3542021

CVE-2023-36650

HIGH

CVSS:7.2(High)

A missing integrity check in the update system in ProLion CryptoSpike 3.0.15P2 allows attackers to execute OS commands as the root Linux user on the host system via forged update packages.

CWE-3542023

CVE-2020-4610

HIGH

CVSS:7.4(High)

IBM Security Secret Server (IBM Security Verify Privilege Manager 10.8.2 ) could allow a local user to execute code due to improper integrity checks. IBM X-Force ID: 184919.

CWE-3542020

CVE-2012-1170

HIGH

CVSS:7.5(High)

Moodle before 2.2.2 has an external enrolment plugin context check issue where capability checks are not thorough

CWE-3542012

CVE-2017-18689

HIGH

CVSS:7.5(High)

An issue was discovered on Samsung mobile devices with M(6.0) and N(7.0) (Exynos5433, Exynos7420, or Exynos7870 chipsets) software. An attacker can bypass a ko (aka Kernel Module) signature by modifyi...

CWE-3542017