CVE-2022-23764

Published Aug 17, 2022

Last updated 3 years ago

CVSS critical 9.8

Overview

Description: The vulnerability causing from insufficient verification procedures for downloaded files during WebCube update. Remote attackers can bypass this verification logic to update both digitally signed and unauthorized files, enabling remote code execution.
Source: vuln@krcert.or.kr
NVD status: Analyzed

Risk scores

CVSS 3.1

Type: Primary
Base score: 9.8
Impact score: 5.9
Exploitability score: 3.9
Vector string: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Severity: CRITICAL

Weaknesses

nvd@nist.gov: CWE-346
vuln@krcert.or.kr: CWE-346

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:teruten:webcube:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "DECF1DAD-D0BF-4BDC-9286-EB610BDEFF84",
            "versionEndExcluding": "1.2.0.0",
            "versionStartIncluding": "1.0.5.5"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  }
]

References

Sources include official advisories and independent security research.

Overview

Risk scores

CVSS 3.1

Weaknesses

Social media

Configurations

References