CVE-2022-39197 – Fortra Cobalt Strike Teamserver Cross-Site Scripting (XSS) Vulnerability
https://notcve.org/view.php?id=CVE-2022-39197
An XSS (Cross-Site Scripting) vulnerability was found in HelpSystems Cobalt Strike through 4.7 that allowed a remote attacker to execute HTML on the Cobalt Strike teamserver. To exploit the vulnerability, one must first inspect a Cobalt Strike payload and then modify the username field in the payload (or create a new payload with the extracted information and then modify that username field to be malformed).
Fortra Cobalt Strike contains a cross-site scripting (XSS) vulnerability in Teamserver that would allow an attacker to set a malformed username in the Beacon configuration, allowing them to execute code remotely.
References:
• https://github.com/its-arun/CVE-2022-39197
• https://github.com/burpheart/CVE-2022-39197-patch
• https://github.com/xzajyjs/CVE-2022-39197-POC
• https://github.com/TheCryingGame/CVE-2022-39197-RCE
• https://github.com/4nth0ny1130/CVE-2022-39197-fix_patch
• https://github.com/safe3s/CVE-2022-39197
• https://github.com/adeljck/CVE-2022-39197
• https://github.com/purple-WL/Cobaltstrike-RCE-CVE-2022-39197
• https://www.cobaltstrike.com/blog/out-of-band-update-cobalt-strike-4-7-1
• https:
Weakness: CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2022-23317
https://notcve.org/view.php?id=CVE-2022-23317
CobaltStrike <=4.5 HTTP(S) listener does not determine whether the request URL begins with "/", and attackers can obtain relevant information by specifying the URL.
References:
• https://donghuangt1.com/writings/Stager
Weakness: CWE-287: Improper Authentication
CVE-2021-36798
https://notcve.org/view.php?id=CVE-2021-36798
A Denial-of-Service (DoS) vulnerability was discovered in Team Server in HelpSystems Cobalt Strike 4.2 and 4.3. It allows remote attackers to crash the C2 server thread and block beacons' communication with it.
References:
• https://github.com/M-Kings/CVE-2021-36798
• https://labs.sentinelone.com/hotcobalt-new-cobalt-strike-dos-vulnerability-that-lets-you-halt-operations
• https://www.cobaltstrike.com/releasenotes.txt
Weakness: CWE-770: Allocation of Resources Without Limits or Throttling