Lucene search

[email protected]NVD:CVE-2022-24688

HistoryJul 18, 2022 - 1:15 p.m.

CVE-2022-24688

2022-07-1813:15:09

CWE-434

[email protected]

web.nvd.nist.gov

dsknet security

file upload vulnerability

remote code execution

broken access control

sql injection

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS

0.013

Percentile

85.6%

JSON

An issue was discovered in DSK DSKNet 2.16.136.0 and 2.17.136.5. The Touch settings allow unrestricted file upload (and consequently Remote Code Execution) via PDF upload with PHP content and a .php extension. The attacker must hijack or obtain privileged user access to the Parameters page in order to exploit this issue. (That can be easily achieved by exploiting the Broken Access Control with further Brute-force attack or SQL Injection.) The uploaded file is stored within the database and copied to the sync web folder if the attacker visits a certain .php?action= page.

Affected configurations

Nvd

Node

dskdsknetMatch2.16.136.0

dskdsknetMatch2.17.136.5

VendorProductVersionCPE
dskdsknet2.16.136.0cpe:2.3:a:dsk:dsknet:2.16.136.0:*:*:*:*:*:*:*
dskdsknet2.17.136.5cpe:2.3:a:dsk:dsknet:2.17.136.5:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
dsk	dsknet	2.16.136.0	cpe:2.3:a:dsk:dsknet:2.16.136.0:::::::*
dsk	dsknet	2.17.136.5	cpe:2.3:a:dsk:dsknet:2.17.136.5:::::::*

References

dsk.lu/fr/produits/temps-de-presence

github.com/post-cyberlabs/CVE-Advisory/blob/main/CVE-2022-24688-92.pdf

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS

0.013

Percentile

85.6%

JSON

Related for NVD:CVE-2022-24688

cve1 prion1 cvelist1