CVE-2022-24618

HIGH

CVSS v3.1: 7.8 · EPSS: 0.0024 (14.8 percentile)

No user interaction

Source data as of:

At a glance

Severity
HIGH
CVSS
7.8 v3.1 · NVD
EPSS
0.0024 (14.8 percentile) · FIRST.org
CISA KEV
No
Attack conditions (CVSS vector)
No user interaction · Source: NVD Vector
Affected vendors
heimdalsecurity
Published
2022-03-10 · Modified: 2026-07-05

CVSS / EPSS / KEV

CVSS v3.1 7.8 / 10 HIGH Source: NVD
EPSS 0.0024 14.8 percentile Source: FIRST.org
CISA KEV No Source: CISA

Source — CVSS: NVD · EPSS: FIRST.org · KEV: CISA. Data & Sources

Description

Heimdal.Wizard.exe installer in Heimdal Premium Security 2.5.395 and earlier has insecure permissions, which allows unprivileged local users to elevate privileges to SYSTEM via the "Browse For Folder" window accessible by triggering a "Repair" on the MSI package located in C:\Windows\Installer.

Record details

CVE ID
CVE-2022-24618
CVSS (v3.1)
7.8 (HIGH)
Vector
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Exploitability subscore
1.8
Impact subscore
5.9
EPSS
0.0024 (14.8 percentile) — 2026-07-05
CISA KEV
No
Weakness (CWE)
CWE-281
Affected vendors
heimdalsecurity
Affected configurations (CPE)
1
Published
2022-03-10
Modified
2026-07-05
Status
Modified

References

Reference URLs as listed by NVD, grouped by a mechanical match on the link's host/pattern. Labels describe the link type only.