A Local Privilege Escalation issue was discovered in Y Soft SAFEQ 6 Build 53. The SafeQ JMX service running on port 9696 is vulnerable to JMX MLet attacks. Because the service did not enforce authentication and was running under the "NT Authority\System" user, an attacker is able to use the vulnerability to execute arbitrary code and elevate to the system user.
References
Link | Resource |
---|---|
https://github.com/mbadanoiu/CVE-2022-23862 | Exploit Third Party Advisory |
https://github.com/mbadanoiu/CVE-2022-23862/blob/main/SafeQ%20-%20CVE-2022-23862.pdf | Exploit |
https://ysoft.com | Product |
Configurations
History
30 Oct 2024, 21:21
Type | Values Removed | Values Added |
---|---|---|
References | () https://github.com/mbadanoiu/CVE-2022-23862 - Exploit, Third Party Advisory | |
References | () https://github.com/mbadanoiu/CVE-2022-23862/blob/main/SafeQ%20-%20CVE-2022-23862.pdf - Exploit | |
References | () https://ysoft.com - Product | |
CPE | cpe:2.3:a:ysoft:safeq:6.0:build53:*:*:*:*:*:* | |
CVSS | v2 : v3 : | v2 : unknown, v3 : 7.8 |
First Time | Ysoft safeq, Ysoft |
23 Oct 2024, 15:12
Type | Values Removed | Values Added |
---|---|---|
Summary | |
22 Oct 2024, 19:35
Type | Values Removed | Values Added |
---|---|---|
CWE | CWE-306 | |
CVSS | v2 : v3 : | v2 : unknown, v3 : 8.4 |
22 Oct 2024, 16:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2024-10-22 16:15
Updated : 2024-10-30 21:21
NVD link : CVE-2022-23862
Mitre link : CVE-2022-23862
CVE.ORG link : CVE-2022-23862
Products Affected
ysoft
- safeq
CWE
CWE-306
Missing Authentication for Critical Function