CVE-2022-26488

Published: 10/03/2022 Updated: 07/11/2023
CVSS v2 Base Score: 4.4 | Impact Score: 6.4 | Exploitability Score: 3.4
CVSS v3 Base Score: 7 | Impact Score: 5.9 | Exploitability Score: 1
VMScore: 392
Vector: AV:L/AC:M/Au:N/C:P/I:P/A:P

Vulnerability Summary

In Python prior to 3.10.3 on Windows, local users can gain privileges because the search path is inadequately secured. The installer may allow a local malicious user to add user-writable directories to the system search path. To exploit, an administrator must have installed Python for all users and enabled PATH entries. A non-administrative user can trigger a repair that incorrectly adds user-writable paths into PATH, enabling search-path hijacking of other users and system services. This affects Python (CPython) up to and including 3.7.12, 3.8.x up to and including 3.8.12, 3.9.x up to and including 3.9.10, and 3.10.x up to and including 3.10.2.
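A check for the condition described above, as an added example that is not part of the advisory or of Python's installer: it reads the machine-wide PATH and reports every directory that grants write access to a principal other than SYSTEM, Administrators or TrustedInstaller. The trusted-SID list and the output layout are assumptions of this example; Deny entries are not evaluated, so the result errs on the side of reporting.

```powershell
# Added example, not from the advisory. Lists machine-wide PATH directories
# writable by principals outside the trusted set below (an assumption; adjust).
$trustedSids = @(
    'S-1-5-18',       # NT AUTHORITY\SYSTEM
    'S-1-5-32-544',   # BUILTIN\Administrators
    'S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464'  # NT SERVICE\TrustedInstaller
)
# 0x2 = WriteData (create files), 0x4 = AppendData (create subdirectories);
# Modify and FullControl contain both bits.
# 0x40000000 = GENERIC_WRITE, 0x10000000 = GENERIC_ALL.
$writeMask   = 0x2 -bor 0x4 -bor 0x40000000 -bor 0x10000000
$inheritOnly = [System.Security.AccessControl.PropagationFlags]::InheritOnly
$sidType     = [System.Security.Principal.SecurityIdentifier]

# Only the Machine-scope PATH matters here: it is the one shared by other
# users and by system services.
$machinePath = [Environment]::GetEnvironmentVariable('Path', 'Machine')

$findings = foreach ($entry in ($machinePath -split ';')) {
    $dir = [Environment]::ExpandEnvironmentVariables($entry.Trim().Trim('"'))
    if (-not $dir) { continue }

    # A PATH entry that does not exist deserves review as well: whoever is
    # able to create that directory later controls its contents.
    if (-not (Test-Path -LiteralPath $dir -PathType Container)) {
        [pscustomobject]@{ Path = $dir; Principal = '-'; Rights = 'directory does not exist' }
        continue
    }

    foreach ($rule in (Get-Acl -LiteralPath $dir).GetAccessRules($true, $true, $sidType)) {
        if ($rule.AccessControlType -ne 'Allow') { continue }
        if ($rule.PropagationFlags.HasFlag($inheritOnly)) { continue }  # applies to children only
        if ($trustedSids -contains $rule.IdentityReference.Value) { continue }
        if (([int]$rule.FileSystemRights) -band $writeMask) {
            [pscustomobject]@{
                Path      = $dir
                Principal = $rule.IdentityReference.Value
                Rights    = $rule.FileSystemRights
            }
        }
    }
}

if ($findings) { $findings | Format-Table -AutoSize -Wrap }
else { 'No machine PATH entries writable by untrusted principals were found.' }
```

Any row whose Principal is a user or broad group SID (for example S-1-5-11, Authenticated Users) marks a PATH directory to remove or re-ACL after upgrading Python.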

Vulnerable Product

python python

python python 3.11.0

netapp ontap select deploy administration utility -

netapp active iq unified manager -