CVE-2022-24581

ACEweb Online Portal 3.5.065 allows unauthenticated SMB hash capture via UNC. By specifying the UNC file path of an external SMB share when uploading a file, an attacker can induce the victim server to disclose the username and password hash of the user executing the ACEweb Online software.

CVSS v3 7.5 HIGH
CVSS v2.0 5.0 MEDIUM

7.5^/10

CVSS v3 : HIGH

Vector :

Exploitability : 3.9 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

5.0^/10

CVSS v2.0 : MEDIUM

Vector : AV:N/AC:L/Au:N/C:P/I:N/A:N

Exploitability : 10.0 / Impact : 2.9

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact NONE

References

Link	Resource
http://aceware.com	Product
http://aceweb.com	Product
https://www.aceware.com/forum/viewtopic.php?f=7&t=481	Release Notes Vendor Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:aceware:aceweb_online_portal:*:*:*:*:*:*:*:*

History

No history.

Information

Published : 2022-06-02 14:15

Updated : 2024-02-28 19:09

NVD link : CVE-2022-24581

Mitre link : CVE-2022-24581

CVE.ORG link : CVE-2022-24581

JSON object : View

Products Affected

aceware

aceweb_online_portal

CWE

CWE-434

Unrestricted Upload of File with Dangerous Type

{"id": "CVE-2022-24581", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 5.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 3.9}]}, "published": "2022-06-02T14:15:37.103", "references": [{"url": "http://aceware.com", "tags": ["Product"], "source": "cve@mitre.org"}, {"url": "http://aceweb.com", "tags": ["Product"], "source": "cve@mitre.org"}, {"url": "https://www.aceware.com/forum/viewtopic.php?f=7&t=481", "tags": ["Release Notes", "Vendor Advisory"], "source": "cve@mitre.org"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-434"}]}], "descriptions": [{"lang": "en", "value": "ACEweb Online Portal 3.5.065 allows unauthenticated SMB hash capture via UNC. By specifying the UNC file path of an external SMB share when uploading a file, an attacker can induce the victim server to disclose the username and password hash of the user executing the ACEweb Online software."}, {"lang": "es", "value": "ACEweb Online Portal versi\u00f3n 3.5.065, permite una captura de hash SMB no autenticada por medio de UNC. Al especificar la ruta de archivo UNC de un recurso compartido SMB externo cuando es cargado un archivo, un atacante puede inducir al servidor v\u00edctima a revelar el hash del nombre de usuario y la contrase\u00f1a del usuario que ejecuta el software ACEweb Online"}], "lastModified": "2022-06-11T00:58:10.927", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:aceware:aceweb_online_portal:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "45D75D1C-46F2-47B8-BD66-F2188A007733", "versionEndExcluding": "3.5.065"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}