CVE-2022-24562

Опубликовано: 16 июн. 2022

Источник: nvd

CVSS3: 9.8

CVSS2: 10

EPSS Средний

Описание

In IOBit IOTransfer 4.3.1.1561, an unauthenticated attacker can send GET and POST requests to Airserv and gain arbitrary read/write access to the entire file-system (with admin privileges) on the victim's endpoint, which can result in data theft and remote code execution.

Ссылки

http://iobit.com
Product
Vendor Advisory
http://iotransfer.com
Broken Link
http://packetstormsecurity.com/files/167775/IOTransfer-4.0-Remote-Code-Execution.html
Exploit
Third Party Advisory
VDB Entry
https://medium.com/%40tomerp_77017/exploiting-iotransfer-insecure-api-cve-2022-24562-a2c4a3f9149d
http://iobit.com
Product
Vendor Advisory
http://iotransfer.com
Broken Link
http://packetstormsecurity.com/files/167775/IOTransfer-4.0-Remote-Code-Execution.html
Exploit
Third Party Advisory
VDB Entry
https://medium.com/%40tomerp_77017/exploiting-iotransfer-insecure-api-cve-2022-24562-a2c4a3f9149d

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:iobit:iotransfer:4.3.1.1561:*:*:*:*:*:*:*

EPSS

Процентиль: 98%

0.49159

Средний

9.8 Critical

CVSS3

10 Critical

CVSS2

Дефекты

CWE-306

Связанные уязвимости

GHSA-xh6j-gj5f-hrpp