CVE-2022-42948

Опубликовано: 24 мар. 2023

Источник: nvd

CVSS3: 9.8

EPSS Средний

Описание

Cobalt Strike 4.7.1 fails to properly escape HTML tags when they are displayed on Swing components. By injecting crafted HTML code, it is possible to remotely execute code in the Cobalt Strike UI.

Ссылки

https://thesecmaster.com/how-to-fix-cve-2022-42948-a-critical-rce-vulnerability-in-cobalt-strike/
Technical Description
Third Party Advisory
https://www.cobaltstrike.com/blog/
Vendor Advisory
https://www.redpacketsecurity.com/helpsystems-cobalt-strike-code-execution-cve-2022-42948/
Third Party Advisory
https://thesecmaster.com/how-to-fix-cve-2022-42948-a-critical-rce-vulnerability-in-cobalt-strike/
Technical Description
Third Party Advisory
https://www.cobaltstrike.com/blog/
Vendor Advisory
https://www.redpacketsecurity.com/helpsystems-cobalt-strike-code-execution-cve-2022-42948/
Third Party Advisory
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2022-42948
US Government Resource

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:helpsystems:cobalt_strike:4.7.1:*:*:*:*:*:*:*

EPSS

Процентиль: 95%

0.19512

Средний

9.8 Critical

CVSS3

Дефекты

CWE-116

Связанные уязвимости

GHSA-c8qh-hq9w-qh3p