CVE-2022-34825

2022-11-0800:00:00

NEC

www.cve.org

uncontrolled search path

clusterpro x 5.0

windows

remote attacker

arbitrary code

9.9 High

AI Score

Confidence

High

0.004 Low

EPSS

Percentile

73.9%

JSON

Uncontrolled Search Path Element in CLUSTERPRO X 5.0 for Windows and earlier, EXPRESSCLUSTER X 5.0 for Windows and earlier, CLUSTERPRO X 5.0 SingleServerSafe for Windows and earlier, EXPRESSCLUSTER X 5.0 SingleServerSafe for Windows and earlier allows a remote unauthenticated attacker to overwrite existing files on the file system and to potentially execute arbitrary code.

CNA Affected

[
  {
    "vendor": "NEC Corporation",
    "product": "CLUSTERPRO X",
    "versions": [
      {
        "version": "CLUSTERPRO X 5.0 for Windows and earlier, EXPRESSCLUSTER X 5.0 for Windows and earlier, CLUSTERPRO X 5.0 SingleServerSafe for Windows and earlier, EXPRESSCLUSTER X 5.0 SingleServerSafe for Windows and earlier",
        "status": "affected"
      }
    ]
  }
]

References

jpn.nec.com/security-info/secinfo/nv22-014_en.html