AttackerKBAKB:0F90ACCF-16B9-40A6-A699-7FF266AD3481CVE-2022-47986
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
AI Score
Confidence
High
EPSS
Percentile
99.5%
IBM Aspera Faspex 4.4.1 could allow a remote attacker to execute arbitrary code on the system, caused by a YAML deserialization flaw. By sending a specially crafted obsolete API call, an attacker could exploit this vulnerability to execute arbitrary code on the system. The obsolete API call was removed in Faspex 4.4.2 PL2. IBM X-Force ID: 243512.
Recent assessments:
rbowes-r7 at February 17, 2023 10:13pm UTC reported:
This lives on the network perimeter and uses laughably old versions of software (like Ruby 1.9.3). I had more trouble preventing it from crashing than actually exploiting it. This also tends to store privileged information, since itβs a secure file transfer service. Kinda really bad.
Assessed Attacker Value: 5
Assessed Attacker Value: 5Assessed Attacker Value: 5
References
packetstormsecurity.com/files/171772/IBM-Aspera-Faspex-4.4.1-YAML-Deserialization.html
blog.assetnote.io/2023/02/02/pre-auth-rce-aspera-faspex/
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-47986
exchange.xforce.ibmcloud.com/vulnerabilities/243512
github.com/ohnonoyesyes/CVE-2022-47986
www.ibm.com/support/pages/node/6952319
www.sentinelone.com/labs/icefire-ransomware-returns-now-targeting-linux-enterprise-networks/
Related
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
AI Score
Confidence
High
EPSS
Percentile
99.5%