exploitDog

CVE-2022-34824

Опубликовано: 08 нояб. 2022

Источник: nvd

CVSS3: 9.8

EPSS Низкий

Описание

Weak File and Folder Permissions vulnerability in CLUSTERPRO X 5.0 for Windows and earlier, EXPRESSCLUSTER X 5.0 for Windows and earlier, CLUSTERPRO X 5.0 SingleServerSafe for Windows and earlier, EXPRESSCLUSTER X 5.0 SingleServerSafe for Windows and earlier allows a remote unauthenticated attacker to overwrite existing files on the file system and to potentially execute arbitrary code.

Ссылки

https://jpn.nec.com/security-info/secinfo/nv22-014_en.html
Vendor Advisory
https://jpn.nec.com/security-info/secinfo/nv22-014_en.html
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:nec:expresscluster_x:*:*:*:*:*:windows:*:*

Версия до 5.0 (включая)

cpe:2.3:a:nec:expresscluster_x_singleserversafe:*:*:*:*:*:windows:*:*

Версия до 5.0 (включая)

EPSS

Процентиль: 80%

0.01366

Низкий

9.8 Critical

CVSS3

Дефекты

CWE-276

CWE-276

Связанные уязвимости

GHSA-jw3w-3gxw-82qw

CVSS3: 9.8

github

около 3 лет назад

Weak File and Folder Permissions vulnerability in CLUSTERPRO X 5.0 for Windows and earlier, EXPRESSCLUSTER X 5.0 for Windows and earlier, CLUSTERPRO X 5.0 SingleServerSafe for Windows and earlier, EXPRESSCLUSTER X 5.0 SingleServerSafe for Windows and earlier allows a remote unauthenticated attacker to overwrite existing files on the file system and to potentially execute arbitrary code.

EPSS

Процентиль: 80%

0.01366

Низкий

9.8 Critical

CVSS3

Дефекты

CWE-276

CWE-276