CVE-2022-41924

Exploit

EPSS 1.56%
Veröffentlicht 23.11.2022 19:15:12
Zuletzt bearbeitet 21.11.2024 07:24:04
Quelle security-advisories@github.com
CVE-Watchlists
Login
Unerledigt
Login

Tailscale Windows daemon is vulnerable to RCE via CSRF

A vulnerability identified in the Tailscale Windows client allows a malicious website to reconfigure the Tailscale daemon `tailscaled`, which can then be used to remotely execute code. In the Tailscale Windows client, the local API was bound to a local TCP socket, and communicated with the Windows client GUI in cleartext with no Host header verification. This allowed an attacker-controlled website visited by the node to rebind DNS to an attacker-controlled DNS server, and then make local API requests in the client, including changing the coordination server to an attacker-controlled coordination server. An attacker-controlled coordination server can send malicious URL responses to the client, including pushing executables or installing an SMB share. These allow the attacker to remotely execute code on the node. All Windows clients prior to version v.1.32.3 are affected. If you are running Tailscale on Windows, upgrade to v1.32.3 or later to remediate the issue.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 2 Referenzen 6

NVD 1 VulnDex Vulnerability Enrichment 0

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Tailscale ≫ Tailscale Version < 1.32.3

Microsoft ≫ Windows Version-

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	1.56%	0.719

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	9.6	2.8	6	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
security-advisories@github.com	9.6	2.8	6	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:H

CWE-346 Origin Validation Error

The product does not properly verify that the source of data or communication is valid.

CWE-352 Cross-Site Request Forgery (CSRF)

The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.

https://emily.id.au/tailscale

Third Party Advisory

Exploit

Technical Description

https://github.com/tailscale/tailscale/security/advisories/GHSA-vqp6-rc3h-83cp

Third Party Advisory

https://tailscale.com/security-bulletins/#ts-2022-004

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2022-41924

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2022-41924

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2022-41924

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2022-41924