PT-2022-16584 · Acer · Acer Quickaccess

Doit_Man · Published 2022-03-08 · Updated 2022-03-16 · CVE-2022-24286

CVSS v3.1: 7.8 (High)

Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Acer QuickAccess versions 2.01.300x through 2.01.3029
Acer QuickAccess versions 3.00.30xx through 3.00.3037

Description

The issue is a local privilege escalation. A user process communicates with a service running with system authority through a named pipe, and the named pipe grants read and write rights to general users. The service program fails to verify the user during communication, allowing a thread to exist with a specific command. When the path of a program to be executed is sent, the service program executes that path with system privileges, resulting in local privilege escalation.

Recommendations

For Acer QuickAccess versions 2.01.300x through 2.01.3029, update to version 2.01.3030 or later.
For Acer QuickAccess versions 3.00.30xx through 3.00.3037, update to version 3.00.3038 or later.

Fix

Improper Authentication

Weakness Enumeration

Related Identifiers

CVE-2022-24286

Affected Products

Acer Quickaccess