Lucene search

[email protected]CVE-2022-28747

HistoryAug 25, 2022 - 11:15 p.m.

CVE-2022-28747

2022-08-2523:15:08

[email protected]

web.nvd.nist.gov

cve-2022-28747

key reuse

gosecure titan

inbox detection & response

idr

remote code execution

vulnerability

serialized payload

nvd

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9.6 High

AI Score

Confidence

High

0.009 Low

EPSS

Percentile

82.7%

JSON

Key reuse in GoSecure Titan Inbox Detection & Response (IDR) through 2022-04-05 leads to remote code execution. To exploit this vulnerability, an attacker must craft and sign a serialized payload.

Affected configurations

NVD

Node

gosecuretitan_inbox_detection_\&_responseRange<4.1.1

CPENameOperatorVersion
gosecure:titan_inbox_detection_\&_responsegosecure titan inbox detection & responselt4.1.1

CPE	Name	Operator	Version
gosecure:titan_inbox_detection_\&_response	gosecure titan inbox detection & response	lt	4.1.1

References

s3.us-west-2.amazonaws.com/download.countertack.com/files/IDR/IDR-4.1.1-Release-Notes.pdf

www.gosecure.net

Social References

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9.6 High

AI Score

Confidence

High

0.009 Low

EPSS

Percentile

82.7%

JSON

Related for CVE-2022-28747

nvd1 prion1 cvelist1