CVE-2022-23862

Exploit

EPSS 0.16%
Published 22.10.2024 16:15:05
Last modified 30.10.2024 21:21:09
Source cve@mitre.org
Teams watchlist Login
Open Login

A Local Privilege Escalation issue was discovered in Y Soft SAFEQ 6 Build 53. The SafeQ JMX service running on port 9696 is vulnerable to JMX MLet attacks. Because the service did not enforce authentication and was running under the "NT Authority\System" user, an attacker is able to use the vulnerability to execute arbitrary code and elevate to the system user.

Affected products Warnungen 0 Metrics 3 CWE 1 References 6

Data is provided by the National Vulnerability Database (NVD)

Ysoft ≫ Safeq Version6.0 Updatebuild53

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.16%	0.371

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	7.8	1.8	5.9	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
134c704f-9b21-4f2e-91b3-4a467353bcc0	8.4	2.5	5.9	CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE-306 Missing Authentication for Critical Function

The product does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources.

https://ysoft.com

Product

https://github.com/mbadanoiu/CVE-2022-23862

Third Party Advisory

Exploit

https://github.com/mbadanoiu/CVE-2022-23862/blob/main/SafeQ%20-%20CVE-2022-23862.pdf

Exploit

https://nvd.nist.gov/vuln/detail/CVE-2022-23862

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2022-23862

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2022-23862

EUVD