Lucene search

Rapid7CVE-2022-35629

HistoryJul 29, 2022 - 5:15 p.m.

CVE-2022-35629

2022-07-2917:15:09

CWE-290

CWE-287

rapid7

web.nvd.nist.gov

cve-2022-35629

bug

client-server communication

velociraptor 0.6.5-2

security issue

CVSS3

5.4

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N

AI Score

5.6

Confidence

High

EPSS

0.001

Percentile

22.7%

JSON

Due to a bug in the handling of the communication between the client and server, it was possible for one client, already registered with their own client ID, to send messages to the server claiming to come from another client ID. This issue was resolved in Velociraptor 0.6.5-2.

Affected configurations

Nvd

Node

rapid7velociraptorRange<0.6.5-2

VendorProductVersionCPE
rapid7velociraptor*cpe:2.3:a:rapid7:velociraptor:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
rapid7	velociraptor	*	cpe:2.3:a:rapid7:velociraptor::::::::

CNA Affected

[
  {
    "product": "Velociraptor",
    "vendor": "Rapid7",
    "versions": [
      {
        "lessThan": "0.6.5-2",
        "status": "affected",
        "version": "0.6.5-2",
        "versionType": "custom"
      }
    ]
  }
]

References

www.rapid7.com/blog/post/2022/07/26/cve-2022-35629-35632-velociraptor-multiple-vulnerabilities-fixed/

Social References

CVSS3

5.4

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N

AI Score

5.6

Confidence

High

EPSS

0.001

Percentile

22.7%

JSON

Related for CVE-2022-35629