CVE-2022-48199

Published: Jan 26, 2023Modified: Apr 2, 2025

8.8

Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Exploitability: 2.8 / Impact: 5.9

Source: NVD

Description

SoftPerfect NetWorx 7.1.1 on Windows allows an attacker to execute a malicious binary with potentially higher privileges via a low-privileged user account that abuses the Notifications function. The Notifications function allows for arbitrary binary execution and can be modified by any user. The resulting binary execution will occur in the context of any user running NetWorx. If an attacker modifies the Notifications function to execute a malicious binary, the binary will be executed by every user running NetWorx on that system.

Affected (1)

Products: Softperfect: Networx

1 product

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Softperfect Networx	Version 7.1.1

Running on/with	Platform Versions
Microsoft Windows	All versions

Related CWEs

Incorrect Default Permissions

During installation, installed file permissions are set to allow anyone to modify those files.

References (4)

https://giuliamelottigaribaldi.com/cve-2022-48199/

Source: cve@mitre.org

Third Party Advisory

https://www.softperfect.com/products/changelog.php?product_id=2

Source: cve@mitre.org

Release NotesVendor Advisory

https://giuliamelottigaribaldi.com/cve-2022-48199/

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

https://www.softperfect.com/products/changelog.php?product_id=2

Source: af854a3a-2127-422b-91ae-364da2661108

Release NotesVendor Advisory

Timeline

No history available yet.