exploitDog

CVE-2022-34825

Опубликовано: 08 нояб. 2022

Источник: nvd

CVSS3: 9.8

EPSS Низкий

Описание

Uncontrolled Search Path Element in CLUSTERPRO X 5.0 for Windows and earlier, EXPRESSCLUSTER X 5.0 for Windows and earlier, CLUSTERPRO X 5.0 SingleServerSafe for Windows and earlier, EXPRESSCLUSTER X 5.0 SingleServerSafe for Windows and earlier allows a remote unauthenticated attacker to overwrite existing files on the file system and to potentially execute arbitrary code.

Ссылки

https://jpn.nec.com/security-info/secinfo/nv22-014_en.html
Vendor Advisory
https://jpn.nec.com/security-info/secinfo/nv22-014_en.html
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:nec:expresscluster_x:*:*:*:*:*:windows:*:*

Версия до 5.0 (включая)

cpe:2.3:a:nec:expresscluster_x_singleserversafe:*:*:*:*:*:windows:*:*

Версия до 5.0 (включая)

EPSS

Процентиль: 82%

0.01639

Низкий

9.8 Critical

CVSS3

Дефекты

CWE-427

CWE-427

Связанные уязвимости

GHSA-gmcp-v2jv-3qq3

CVSS3: 9.8

github

около 3 лет назад

Uncontrolled Search Path Element in CLUSTERPRO X 5.0 for Windows and earlier, EXPRESSCLUSTER X 5.0 for Windows and earlier, CLUSTERPRO X 5.0 SingleServerSafe for Windows and earlier, EXPRESSCLUSTER X 5.0 SingleServerSafe for Windows and earlier allows a remote unauthenticated attacker to overwrite existing files on the file system and to potentially execute arbitrary code.

EPSS

Процентиль: 82%

0.01639

Низкий

9.8 Critical

CVSS3

Дефекты

CWE-427

CWE-427