Lucene search

Rapid7CVE-2022-35631

HistoryJul 29, 2022 - 5:15 p.m.

CVE-2022-35631

2022-07-2917:15:09

CWE-377

CWE-59

rapid7

web.nvd.nist.gov

cve-2022-35631

symlink attack

velociraptor

macos

linux

nvd

security

vulnerability

CVSS3

5.5

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

AI Score

5.5

Confidence

High

EPSS

Percentile

12.6%

JSON

On MacOS and Linux, it may be possible to perform a symlink attack by replacing this predictable file name with a symlink to another file and have the Velociraptor client overwrite the other file. This issue was resolved in Velociraptor 0.6.5-2.

Affected configurations

Nvd

Node

rapid7velociraptorRange<0.6.5-2

AND

applemacosMatch-

linuxlinux_kernelMatch-

VendorProductVersionCPE
rapid7velociraptor*cpe:2.3:a:rapid7:velociraptor:*:*:*:*:*:*:*:*
applemacos-cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*
linuxlinux_kernel-cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
rapid7	velociraptor	*	cpe:2.3:a:rapid7:velociraptor::::::::
apple	macos	-	cpe:2.3:o:apple:macos:-:::::::*
linux	linux_kernel	-	cpe:2.3:o:linux:linux_kernel:-:::::::*

CNA Affected

[
  {
    "product": "Velociraptor",
    "vendor": "Rapid7",
    "versions": [
      {
        "lessThan": "0.6.5-2",
        "status": "affected",
        "version": "0.6.5-2",
        "versionType": "custom"
      }
    ]
  }
]

References

www.rapid7.com/blog/post/2022/07/26/cve-2022-35629-35632-velociraptor-multiple-vulnerabilities-fixed/

Social References

CVSS3

5.5

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

AI Score

5.5

Confidence

High

EPSS

Percentile

12.6%

JSON

Related for CVE-2022-35631