CVE-2022-23862

Published: Oct 22, 2024Modified: Oct 30, 2024

7.8

Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Exploitability: 1.8 / Impact: 5.9

Source: NVD

Description

A Local Privilege Escalation issue was discovered in Y Soft SAFEQ 6 Build 53. The SafeQ JMX service running on port 9696 is vulnerable to JMX MLet attacks. Because the service did not enforce authentication and was running under the "NT Authority\System" user, an attacker is able to use the vulnerability to execute arbitrary code and elevate to the system user.

Affected (1)

Products: Ysoft: Safeq

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Ysoft Safeq	Version 6.0 build53

Related CWEs

Missing Authentication for Critical Function

The product does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources.

References (3)

https://github.com/mbadanoiu/CVE-2022-23862

Source: cve@mitre.org

ExploitThird Party Advisory

https://github.com/mbadanoiu/CVE-2022-23862/blob/main/SafeQ%20-%20CVE-2022-23862.pdf

Source: cve@mitre.org

Exploit

https://ysoft.com

Source: cve@mitre.org

Product

Timeline

No history available yet.