Lucene search

[email protected]CVE-2022-25216

HistoryMar 11, 2022 - 6:15 p.m.

CVE-2022-25216

2022-03-1118:15:00

CWE-22

[email protected]

web.nvd.nist.gov

cve-2022-25216

absolute path traversal

dvdfab 12 player

playerfab

windows file system

remote attacker

http get request

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

7.5 High

AI Score

Confidence

High

7.8 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:C/I:N/A:N

0.013 Low

EPSS

Percentile

86.1%

JSON

An absolute path traversal vulnerability allows a remote attacker to download any file on the Windows file system for which the user account running DVDFab 12 Player (recently renamed PlayerFab) has read-access, by means of an HTTP GET request to http://<IP_ADDRESS>:32080/download/<URL_ENCODED_PATH>.

CPENameOperatorVersion
dvdfab:12_playerdvdfab 12 playerle6.2.11
dvdfab:playerfabdvdfab playerfable7.0.0.5

CPE	Name	Operator	Version
dvdfab:12_player	dvdfab 12 player	le	6.2.11
dvdfab:playerfab	dvdfab playerfab	le	7.0.0.5

References

www.tenable.com/security/research/tra-2022-07

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

7.5 High

AI Score

Confidence

High

7.8 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:C/I:N/A:N

0.013 Low

EPSS

Percentile

86.1%

JSON

Related for CVE-2022-25216

prion1 cvelist1 nuclei1