Search criteria
ⓘ
Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.
1 vulnerability by VIVE
CVE-2022-50918 (GCVE-0-2022-50918)
Vulnerability from cvelistv5 – Published: 2026-01-13 22:51 – Updated: 2026-01-14 15:40
VLAI
Title
VIVE Runtime Service - 'ViveAgentService' Unquoted Service Path
Summary
VIVE Runtime Service 1.0.0.4 contains an unquoted service path vulnerability that allows local users to execute arbitrary code with elevated system privileges. Attackers can exploit the unquoted binary path by placing malicious executables in specific system directories to gain LocalSystem access during service startup.
Severity
SSVC
Exploitation: poc
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-428 - Unquoted Search Path or Element
Assigner
References
4 references
| URL | Tags |
|---|---|
| https://www.exploit-db.com/exploits/50824 | exploit |
| https://www.vive.com/ | product |
| https://developer.vive.com/resources/downloads/ | product |
| https://www.vulncheck.com/advisories/vive-runtime… | third-party-advisory |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| VIVE | VIVE Runtime Service |
Affected:
1.0.0.4
|
Date Public
2022-11-03 00:00
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-50918",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-01-14T15:40:49.934543Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-01-14T15:40:55.859Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "VIVE Runtime Service",
"vendor": "VIVE",
"versions": [
{
"status": "affected",
"version": "1.0.0.4"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Faisal Alasmari"
}
],
"datePublic": "2022-11-03T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "VIVE Runtime Service 1.0.0.4 contains an unquoted service path vulnerability that allows local users to execute arbitrary code with elevated system privileges. Attackers can exploit the unquoted binary path by placing malicious executables in specific system directories to gain LocalSystem access during service startup."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "LOCAL",
"baseScore": 8.5,
"baseSeverity": "HIGH",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS"
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 8.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-428",
"description": "Unquoted Search Path or Element",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-01-13T22:51:53.793Z",
"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"shortName": "VulnCheck"
},
"references": [
{
"name": "ExploitDB-50824",
"tags": [
"exploit"
],
"url": "https://www.exploit-db.com/exploits/50824"
},
{
"name": "Official VIVE Homepage",
"tags": [
"product"
],
"url": "https://www.vive.com/"
},
{
"name": "VIVE Developer Downloads",
"tags": [
"product"
],
"url": "https://developer.vive.com/resources/downloads/"
},
{
"name": "VulnCheck Advisory: VIVE Runtime Service - \u0027ViveAgentService\u0027 Unquoted Service Path",
"tags": [
"third-party-advisory"
],
"url": "https://www.vulncheck.com/advisories/vive-runtime-service-viveagentservice-unquoted-service-path"
}
],
"title": "VIVE Runtime Service - \u0027ViveAgentService\u0027 Unquoted Service Path",
"x_generator": {
"engine": "vulncheck"
}
}
},
"cveMetadata": {
"assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"assignerShortName": "VulnCheck",
"cveId": "CVE-2022-50918",
"datePublished": "2026-01-13T22:51:53.793Z",
"dateReserved": "2026-01-11T13:14:18.877Z",
"dateUpdated": "2026-01-14T15:40:55.859Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}