Lucene search

[email protected]NVD:CVE-2022-27963

HistoryMar 31, 2022 - 11:15 p.m.

CVE-2022-27963

2022-03-3123:15:08

CWE-428

[email protected]

web.nvd.nist.gov

xftp 7.0.0088p

binary hijack

vulnerability

arbitrary code

crafted .exe file

CVSS2

6.9

Attack Vector

LOCAL

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:M/Au:N/C:C/I:C/A:C

CVSS3

6.5

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H

EPSS

0.001

Percentile

17.8%

JSON

Xftp 7.0.0088p and below contains a binary hijack vulnerability which allows attackers to execute arbitrary code via a crafted .exe file.

Affected configurations

Nvd

Node

netsarangxftpRange<7.0.0088p

AND

microsoftwindowsMatch-

VendorProductVersionCPE
netsarangxftp*cpe:2.3:a:netsarang:xftp:*:*:*:*:*:*:*:*
microsoftwindows-cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
netsarang	xftp	*	cpe:2.3:a:netsarang:xftp::::::::
microsoft	windows	-	cpe:2.3:o:microsoft:windows:-:::::::*

References

github.com/ycdxsb/Vuln/tree/main/NetSarang-CreateProcessW-Misuse-Binary-Hijack/Xftp-CreateProcessW-Misuse-Binary-Hijack

www.netsarang.com/en/xftp-update-history/

CVSS2

6.9

Attack Vector

LOCAL

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:M/Au:N/C:C/I:C/A:C

CVSS3

6.5

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H

EPSS

0.001

Percentile

17.8%

JSON

Related for NVD:CVE-2022-27963

cve1 cvelist1 prion1 nessus1