CVE-2022-22789 - OpenCVE

Charactell - FormStorm Enterprise Account takeover – An attacker can modify (add, remove and update) passwords file for all the users. The xx_users.ini file in the FormStorm folder contains usernames in cleartext and an obfuscated password. Malicious user can take over an account by replacing existing password in the file.

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:L/AC:L/Au:N/C:P/I:P/A:P

Vendors & Products
CPE Configurations

Vendors	Products
Charactell	Formstorm

Configuration 1 [-]

cpe:2.3:a:charactell:formstorm:9.00.065:*:*:*:enterprise:*:*:*

References

Link	Resource
https://www.gov.il/en/departments/faq/cve_advisories	Third Party Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: INCD

Published: 2022-01-25T19:11:08

Updated: 2022-01-25T19:11:08

Reserved: 2022-01-07T00:00:00

Link: CVE-2022-22789

JSON object: View

NVD Information

Status : Analyzed

Published: 2022-01-25T20:15:08.953

Modified: 2022-02-01T16:18:31.077

Link: CVE-2022-22789

JSON object: View

Redhat Information

No data.

CWE

CWE-312

{"containers": {"cna": {"affected": [{"product": "FormStorm Enterprise", "vendor": "Charactell ", "versions": [{"status": "affected", "version": "FormStorm Enterprise version 9.00.065 9.00.065"}]}], "credits": [{"lang": "en", "value": "Michael Starchenko"}], "descriptions": [{"lang": "en", "value": "Charactell - FormStorm Enterprise Account takeover \u2013 An attacker can modify (add, remove and update) passwords file for all the users. The xx_users.ini file in the FormStorm folder contains usernames in cleartext and an obfuscated password. Malicious user can take over an account by replacing existing password in the file."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "LOW", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:L/A:L", "version": "3.1"}}], "problemTypes": [{"descriptions": [{"description": "Account Take Over", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2022-01-25T19:11:08", "orgId": "a57ee1ae-c9c1-4f40-aa7b-cf10760fde3f", "shortName": "INCD"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://www.gov.il/en/departments/faq/cve_advisories"}], "solutions": [{"lang": "en", "value": "A patch was released, Charactell - FormStorm Enterprise version 9.00.066"}], "source": {"advisory": "ILVN-2022-0010", "defect": ["ILVN-2022-0010"], "discovery": "EXTERNAL"}, "title": "Charactell - FormStorm Enterprise Account Take Over", "x_generator": {"engine": "Vulnogram 0.0.9"}, "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cna@cyber.gov.il", "ID": "CVE-2022-22789", "STATE": "PUBLIC", "TITLE": "Charactell - FormStorm Enterprise Account Take Over"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "FormStorm Enterprise", "version": {"version_data": [{"version_name": "FormStorm Enterprise version 9.00.065", "version_value": "9.00.065"}]}}]}, "vendor_name": "Charactell "}]}}, "credit": [{"lang": "eng", "value": "Michael Starchenko"}], "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Charactell - FormStorm Enterprise Account takeover \u2013 An attacker can modify (add, remove and update) passwords file for all the users. The xx_users.ini file in the FormStorm folder contains usernames in cleartext and an obfuscated password. Malicious user can take over an account by replacing existing password in the file."}]}, "generator": {"engine": "Vulnogram 0.0.9"}, "impact": {"cvss": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "LOW", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:L/A:L", "version": "3.1"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "Account Take Over"}]}]}, "references": {"reference_data": [{"name": "https://www.gov.il/en/departments/faq/cve_advisories", "refsource": "MISC", "url": "https://www.gov.il/en/departments/faq/cve_advisories"}]}, "solution": [{"lang": "en", "value": "A patch was released, Charactell - FormStorm Enterprise version 9.00.066"}], "source": {"advisory": "ILVN-2022-0010", "defect": ["ILVN-2022-0010"], "discovery": "EXTERNAL"}}}}, "cveMetadata": {"assignerOrgId": "a57ee1ae-c9c1-4f40-aa7b-cf10760fde3f", "assignerShortName": "INCD", "cveId": "CVE-2022-22789", "datePublished": "2022-01-25T19:11:08", "dateReserved": "2022-01-07T00:00:00", "dateUpdated": "2022-01-25T19:11:08", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:charactell:formstorm:9.00.065:*:*:*:enterprise:*:*:*", "matchCriteriaId": "2969F303-4E6C-4481-9E8A-7A6386FDA210", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Charactell - FormStorm Enterprise Account takeover \u2013 An attacker can modify (add, remove and update) passwords file for all the users. The xx_users.ini file in the FormStorm folder contains usernames in cleartext and an obfuscated password. Malicious user can take over an account by replacing existing password in the file."}, {"lang": "es", "value": "Charactell - FormStorm Enterprise Account takeover - Un atacante puede modificar (a\u00f1adir, eliminar y actualizar) el archivo de contrase\u00f1as de todos los usuarios. El archivo xx_users.ini de la carpeta FormStorm contiene nombres de usuario en texto sin cifrar y una contrase\u00f1a ofuscada. Un usuario malicioso puede hacerse con una cuenta al sustituir la contrase\u00f1a existente en el archivo"}], "id": "CVE-2022-22789", "lastModified": "2022-02-01T16:18:31.077", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.6, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "LOW", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:L/A:L", "version": "3.1"}, "exploitabilityScore": 1.3, "impactScore": 4.7, "source": "cna@cyber.gov.il", "type": "Secondary"}]}, "published": "2022-01-25T20:15:08.953", "references": [{"source": "cna@cyber.gov.il", "tags": ["Third Party Advisory"], "url": "https://www.gov.il/en/departments/faq/cve_advisories"}], "sourceIdentifier": "cna@cyber.gov.il", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-312"}], "source": "nvd@nist.gov", "type": "Primary"}]}