CVE-2022-25216

{"id": "CVE-2022-25216", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 7.8, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:C/I:N/A:N", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "COMPLETE"}, "acInsufInfo": false, "impactScore": 6.9, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 3.9}]}, "published": "2022-03-11T18:15:40.160", "references": [{"url": "https://www.tenable.com/security/research/tra-2022-07", "tags": ["Exploit", "Third Party Advisory"], "source": "vulnreport@tenable.com"}, {"url": "https://www.tenable.com/security/research/tra-2022-07", "tags": ["Exploit", "Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-22"}]}], "descriptions": [{"lang": "en", "value": "An absolute path traversal vulnerability allows a remote attacker to download any file on the Windows file system for which the user account running DVDFab 12 Player (recently renamed PlayerFab) has read-access, by means of an HTTP GET request to http://<IP_ADDRESS>:32080/download/<URL_ENCODED_PATH>."}, {"lang": "es", "value": "Una vulnerabilidad de salto de ruta absoluto permite a un atacante remoto descargar cualquier archivo del sistema de archivos de Windows para el que la cuenta de usuario que ejecuta el reproductor DVDFab 12 (recientemente rebautizado como PlayerFab) tenga acceso de lectura, mediante una petici\u00f3n HTTP GET a http://(IP_ADDRESS):32080/download/(URL_ENCODED_PATH)"}], "lastModified": "2024-11-21T06:51:49.403", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:dvdfab:12_player:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "04A49351-BCD5-4568-A944-F189FEBD1A8D", "versionEndIncluding": "6.2.11", "versionStartIncluding": "6.2.10"}, {"criteria": "cpe:2.3:a:dvdfab:playerfab:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1223532D-3620-44C6-8F6D-3E0E2FFC8D55", "versionEndIncluding": "7.0.0.5", "versionStartIncluding": "7.0.0.0"}], "operator": "OR"}]}], "sourceIdentifier": "vulnreport@tenable.com"}