CVE-2022-34755

Name of the Vulnerable Software and Affected Versions Easergy Builder Installer versions 1.7.23 and prior

Description The issue is related to an uncontrolled search path element in the installer, which could allow an attacker with a local privileged account to execute arbitrary code during the installation process. This is achieved by placing a specially crafted file on the target machine. The attacker must have a local privileged account to exploit this issue.

Recommendations For Easergy Builder Installer versions 1.7.23 and prior, consider restricting access to the installation process until a patch is available. As a temporary workaround, ensure that only trusted users have privileged accounts on the target machine to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.