Lucene search
Chris Anastasio (muffin) and Steven Seeley (mr_me) of Incite TeamZDI-22-1156HistoryAug 23, 2022 - 12:00 a.m.
(Pwn2Own) Softing Secure Integration Server UnZipFolder Directory Traversal Remote Code Execution Vulnerability
2022-08-2300:00:00
Chris Anastasio (muffin) and Steven Seeley (mr_me) of Incite Team
www.zerodayinitiative.com
28
remote code execution
softing secure integration server
directory traversal
EPSS
0.002
Percentile
64.4%
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Softing Secure Integration Server. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the Zip::UnZipFolder method. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to execute code in the context of SYSTEM.
Related
prion
prion
Path traversal
2022-08-17 21:15:00
cvelist
cvelist
CVE-2022-1373 Softing Secure Integration Server Relative Path Traversal
2022-08-17 20:10:24
nvd
nvd
CVE-2022-1373
2022-08-17 21:15:08
cve
cve
CVE-2022-1373
2022-08-17 21:15:08
zdt
zdt
Softing Secure Integration Server 1.22 Remote Code Execution Exploit
2024-07-22 00:00:00
packetstorm
packetstorm
Softing Secure Integration Server 1.22 Remote Code Execution
2024-07-22 00:00:00
metasploit
metasploit
Softing Secure Integration Server v1.22 Remote Code Execution
2024-04-13 10:10:45
rapid7blog
rapid7blog
Metasploit Weekly Wrap-Up 07/26/2024
2024-07-26 18:07:13
ics
ics
Softing Secure Integration Server
2022-09-26 12:00:00