Filtered by vendor Asus Subscriptions
Filtered by product Armoury Crate Service Subscriptions
Total 1 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2022-38699 1 Asus 1 Armoury Crate Service 2024-11-21 5.9 Medium
Armoury Crate Service’s logging function has insufficient validation to check if the log file is a symbolic link. A physical attacker with general user privilege can modify the log file property to a symbolic link that points to arbitrary system file, causing the logging function to overwrite the system file and disrupt the system.