Lucene search

[email protected]NVD:CVE-2022-35629

HistoryJul 29, 2022 - 5:15 p.m.

CVE-2022-35629

2022-07-2917:15:09

CWE-290

CWE-287

[email protected]

web.nvd.nist.gov

bug handling communication

client id

velociraptor 0.6.5-2

CVSS3

5.4

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N

EPSS

0.001

Percentile

22.7%

JSON

Due to a bug in the handling of the communication between the client and server, it was possible for one client, already registered with their own client ID, to send messages to the server claiming to come from another client ID. This issue was resolved in Velociraptor 0.6.5-2.

Affected configurations

Nvd

Node

rapid7velociraptorRange<0.6.5-2

VendorProductVersionCPE
rapid7velociraptor*cpe:2.3:a:rapid7:velociraptor:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
rapid7	velociraptor	*	cpe:2.3:a:rapid7:velociraptor::::::::

References

www.rapid7.com/blog/post/2022/07/26/cve-2022-35629-35632-velociraptor-multiple-vulnerabilities-fixed/

CVSS3

5.4

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N

EPSS

0.001

Percentile

22.7%

JSON

Related for NVD:CVE-2022-35629

cvelist1 cve1 prion1 rapid7blog1