PT-2022-22008 · Micro Star International · Msi Feature Navigator
Published
2022-09-12
·
Updated
2022-09-15
·
CVE-2022-34109
CVSS v3.1
7.1
High
| Vector | AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
Micro-Star International MSI Feature Navigator version 1.0.1808.0901
Description
An issue in the software allows attackers to write arbitrary files to the directory PromoPhoto, regardless of file type or size.
Recommendations
For version 1.0.1808.0901, consider restricting access to the PromoPhoto directory to minimize the risk of exploitation. As a temporary workaround, limit the ability to write files to this directory until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Exploit
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Msi Feature Navigator