CVE-2024-22002

Name of the Vulnerable Software and Affected Versions CORSAIR iCUE version 5.9.105

Description The issue is related to insufficient protection of service data due to the loading of dynamic libraries, including MSASN1.dll, NTASN1.dll, and profapi.dll, in the cuepkg-1.2.6 subdirectory of the installation directory. This allows unprivileged users to insert DLL files, potentially enabling a malicious user to elevate their privileges.

Recommendations For CORSAIR iCUE version 5.9.105, consider restricting access to the cuepkg-1.2.6 subdirectory to prevent unprivileged users from inserting malicious DLL files until a patch is available. As a temporary workaround, avoid using the iCUEUpdateService until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.