PT-2022-16583 · Acer · Acer Care Center

Published 2022-03-08 · Updated 2022-03-16 · CVE-2022-24285

CVSS v3.1: 7.8 High

Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Acer Care Center versions 4.00.30xx through 4.00.3041

Description

The issue is a local privilege escalation. Acer Care Center communicates with the ACCsvc service through a named pipe, and the pipe grants read and write rights to general users. The service program does not verify the user during communication, so a thread may be able to execute a specific command. When the path of a program to be executed is sent, the service program executes that path with system privileges, which results in local privilege escalation.

Recommendations

For Acer Care Center versions 4.00.30xx through 4.00.3041, update to version 4.00.3042 or later to resolve the issue.

Fix

Improper Authentication

Weakness Enumeration

Related Identifiers

CVE-2022-24285

Affected Products

Acer Care Center