CVE-2022-23766
CVSS V2 None
CVSS V3 High 8.8
Description
An improper input validation vulnerability leading to arbitrary file execution was discovered in BigFileAgent. In order to cause arbitrary files to be executed, the attacker makes the victim access a web page d by them or inserts a script using XSS into a general website.
Overview
- CVE ID
- CVE-2022-23766
- Assigner
- vuln@krcert.or.kr
- Vulnerability Status
- Analyzed
- Published Version
- 2022-09-19T20:15:12
- Last Modified Date
- 2022-09-21T16:28:30
Weakness Enumerations
CPE Configuration (Product)
| CPE | Vulnerable | Operator | Version Start | Version End |
|---|---|---|---|---|
| AND | ||||
| cpe:2.3:a:bigfile:bigfileagent:*:*:*:*:*:*:*:* | 1 | OR | 1.0.1.9 | |
| cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:* | 0 | OR |
CVSS Version 3
- Version
- 3.1
- Vector String
- CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
- Attack Vector
- NETWORK
- Attack Compatibility
- LOW
- Privileges Required
- NONE
- User Interaction
- REQUIRED
- Scope
- UNCHANGED
- Confidentiality Impact
- HIGH
- Availability Impact
- HIGH
- Base Score
- 8.8
- Base Severity
- HIGH
- Exploitability Score
- 2.8
- Impact Score
- 5.9
References
| Reference URL | Reference Tags |
|---|---|
| https://www.krcert.or.kr/krcert/secNoticeView.do?bulletin_writing_sequence=66925 |
Sources
| Source Name | Source URL |
|---|---|
| NIST | https://nvd.nist.gov/vuln/detail/CVE-2022-23766 |
| MITRE | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23766 |
History
| Created | Old Value | New Value | Data Type | Notes |
|---|---|---|---|---|
| 2022-09-19 21:00:12 | Added to TrackCVE |