CWE-276: INCORRECT DEFAULT PERMISSIONS: The affected product is vulnerable to a permissions misconfiguration that may allow an attacker to locally write files to the Program Announcer directory and elevate permissions whenever the program is executed.
Successful exploitation of these vulnerabilities could allow an attacker to leverage the misconfigured privileges to the installed directory and achieve code execution in the application’s context and permissions.

Risk Information

  • CVE ID
  • CVE-2022-23922
  • Vendor
  • WIN-911
  • Product
  • WIN-911 2021
  • CVSS v3
  • 5.6