CVE-2022-34823 - OpenCVE

Buffer overflow vulnerability in CLUSTERPRO X 5.0 for Windows and earlier, EXPRESSCLUSTER X 5.0 for Windows and earlier, CLUSTERPRO X 5.0 SingleServerSafe for Windows and earlier, EXPRESSCLUSTER X 5.0 SingleServerSafe for Windows and earlier allows a remote unauthenticated attacker to overwrite existing files on the file system and to potentially execute arbitrary code.

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

Vendors & Products
CPE Configurations

Vendors	Products
Nec	Expresscluster X Singleserversafe Expresscluster X

Configuration 1 [-]

OR	cpe:2.3:a:nec:expresscluster_x::::::windows::*
	cpe:2.3:a:nec:expresscluster_x_singleserversafe::::::windows::*

References

Link	Resource
https://jpn.nec.com/security-info/secinfo/nv22-014_en.html	Vendor Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: NEC

Published: 2022-11-08T00:00:00

Updated: 2022-11-08T00:00:00

Reserved: 2022-06-29T00:00:00

Link: CVE-2022-34823

JSON object: View

NVD Information

Status : Analyzed

Published: 2022-11-08T22:15:13.993

Modified: 2022-11-09T16:30:32.357

Link: CVE-2022-34823

JSON object: View

Redhat Information

No data.

CWE

CWE-120

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:nec:expresscluster_x:*:*:*:*:*:windows:*:*", "matchCriteriaId": "24FBE714-4A8F-420F-9D08-D927B8C3E4C5", "versionEndIncluding": "5.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:nec:expresscluster_x_singleserversafe:*:*:*:*:*:windows:*:*", "matchCriteriaId": "591AE130-A2FE-413E-B92E-2468A6E65A6B", "versionEndIncluding": "5.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Buffer overflow vulnerability in CLUSTERPRO X 5.0 for Windows and earlier, EXPRESSCLUSTER X 5.0 for Windows and earlier, CLUSTERPRO X 5.0 SingleServerSafe for Windows and earlier, EXPRESSCLUSTER X 5.0 SingleServerSafe for Windows and earlier allows a remote unauthenticated attacker to overwrite existing files on the file system and to potentially execute arbitrary code."}, {"lang": "es", "value": "Vulnerabilidad de desbordamiento de b\u00fafer en CLUSTERPRO X 5.0 para Windows y versiones anteriores, EXPRESSCLUSTER X 5.0 para Windows y versiones anteriores, CLUSTERPRO X 5.0 SingleServerSafe para Windows y versiones anteriores, EXPRESSCLUSTER X 5.0 SingleServerSafe para Windows y versiones anteriores permiten que un atacante remoto no autenticado sobrescriba archivos existentes en el sistema de archivos y potencialmente ejecutar c\u00f3digo arbitrario."}], "id": "CVE-2022-34823", "lastModified": "2022-11-09T16:30:32.357", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2022-11-08T22:15:13.993", "references": [{"source": "psirt-info@cyber.jp.nec.com", "tags": ["Vendor Advisory"], "url": "https://jpn.nec.com/security-info/secinfo/nv22-014_en.html"}], "sourceIdentifier": "psirt-info@cyber.jp.nec.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-120"}], "source": "nvd@nist.gov", "type": "Primary"}]}