Lucene search

KrcertCVELIST:CVE-2022-41158

HistoryNov 25, 2022 - 12:00 a.m.

CVE-2022-41158 eyoom builder Remote Code Execution Vulnerability

2022-11-2500:00:00

CWE-94

CWE-22

krcert

www.cve.org

cve-2022-41158

eyoom builder

remote attacker

malicious code

file paths

7.2 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

9.8 High

AI Score

Confidence

High

0.015 Low

EPSS

Percentile

87.1%

JSON

Remote code execution vulnerability can be achieved by using cookie values as paths to a file by this builder program. A remote attacker could exploit the vulnerability to execute or inject malicious code.

CNA Affected

[
  {
    "vendor": "eyoom Co.,Ltd",
    "product": "eyoom builder",
    "versions": [
      {
        "version": "unspecified",
        "lessThanOrEqual": "4.5.3",
        "status": "affected",
        "versionType": "custom"
      }
    ],
    "platforms": [
      "Linux"
    ]
  }
]

References

www.krcert.or.kr/krcert/secNoticeView.do?bulletin_writing_sequence=67043

7.2 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

9.8 High

AI Score

Confidence

High

0.015 Low

EPSS

Percentile

87.1%

JSON

Related for CVELIST:CVE-2022-41158