
CVSS: 9.8 | EPSS: 3% | CPEs: 1 | EXPL: 0

Cobalt Strike 4.7.1 fails to properly escape HTML tags when they are displayed on Swing components. By injecting crafted HTML code, it is possible to remotely execute code in the Cobalt Strike UI. Fortra Cobalt Strike User Interface contains an unspecified vulnerability rooted in Java Swing that may allow remote code execution. • https://thesecmaster.com/how-to-fix-cve-2022-42948-a-critical-rce-vulnerability-in-cobalt-strike https://www.cobaltstrike.com/blog https://www.redpacketsecurity.com/helpsystems-cobalt-strike-code-execution-cve-2022-42948 • CWE-116: Improper Encoding or Escaping of Output

CVSS: 6.1 | EPSS: 0% | CPEs: 1 | EXPL: 8

An XSS (Cross Site Scripting) vulnerability was found in HelpSystems Cobalt Strike through 4.7 that allowed a remote attacker to execute HTML on the Cobalt Strike teamserver. To exploit the vulnerability, one must first inspect a Cobalt Strike payload, and then modify the username field in the payload (or create a new payload with the extracted information and then modify that username field to be malformed). Fortra Cobalt Strike contains a cross-site scripting (XSS) vulnerability in Teamserver that would allow an attacker to set a malformed username in the Beacon configuration, allowing them to execute code remotely. • https://github.com/its-arun/CVE-2022-39197 https://github.com/burpheart/CVE-2022-39197-patch https://github.com/xzajyjs/CVE-2022-39197-POC https://github.com/TheCryingGame/CVE-2022-39197-RCE https://github.com/4nth0ny1130/CVE-2022-39197-fix_patch https://github.com/safe3s/CVE-2022-39197 https://github.com/adeljck/CVE-2022-39197 https://github.com/purple-WL/Cobaltstrike-RCE-CVE-2022-39197 https://www.cobaltstrike.com/blog/out-of-band-update-cobalt-strike-4-7-1 https:&# • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 6.5 | EPSS: 0% | CPEs: 1 | EXPL: 0

A path traversal vulnerability exists within GoAnywhere MFT before 6.8.3 that utilize self-registration for the GoAnywhere Web Client. This vulnerability could potentially allow an external user who self-registers with a specific username and/or profile information to gain access to files at a higher directory level than intended. • https://my.goanywhere.com/webclient/ViewSecurityAdvisories.xhtml https://www.goanywhere.com/support/advisory/68x https://www.goanywhere.com/support/release-notes/mft?limit=0 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

CVSS: 5.5 | EPSS: 0% | CPEs: 1 | EXPL: 0

The Labeling tool in Titus Classification Suite 18.8.1910.140 allows users to avoid the generation of a classification label by using Excel's safe mode. • https://medium.com/%40way2goraj/bypass-data-classification-labelling-tool-aa037ff86dee • CWE-281: Improper Preservation of Permissions

CVSS: 7.5 | EPSS: 0% | CPEs: 1 | EXPL: 1

CobaltStrike <=4.5 HTTP(S) listener does not determine whether the request URL begins with "/", and attackers can obtain relevant information by specifying the URL. • https://donghuangt1.com/writings/Stager • CWE-287: Improper Authentication