Lucene search

K
nvd[email protected]NVD:CVE-2022-42948
HistoryMar 24, 2023 - 2:15 p.m.

CVE-2022-42948

2023-03-2414:15:09
CWE-116
web.nvd.nist.gov
4
cobalt strike
html escape
vulnerability
remote code execution
swing components

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

9.6

Confidence

High

EPSS

0.03

Percentile

91.1%

Cobalt Strike 4.7.1 fails to properly escape HTML tags when they are displayed on Swing components. By injecting crafted HTML code, it is possible to remotely execute code in the Cobalt Strike UI.

Affected configurations

Nvd
Node
helpsystemscobalt_strikeMatch4.7.1
VendorProductVersionCPE
helpsystemscobalt_strike4.7.1cpe:2.3:a:helpsystems:cobalt_strike:4.7.1:*:*:*:*:*:*:*

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

9.6

Confidence

High

EPSS

0.03

Percentile

91.1%

Related for NVD:CVE-2022-42948