CVE-2022-34824 - OpenCVE

Weak File and Folder Permissions vulnerability in CLUSTERPRO X 5.0 for Windows and earlier, EXPRESSCLUSTER X 5.0 for Windows and earlier, CLUSTERPRO X 5.0 SingleServerSafe for Windows and earlier, EXPRESSCLUSTER X 5.0 SingleServerSafe for Windows and earlier allows a remote unauthenticated attacker to overwrite existing files on the file system and to potentially execute arbitrary code.

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

Vendors & Products
CPE Configurations

Vendors	Products
Nec	Expresscluster X Singleserversafe Expresscluster X

Configuration 1 [-]

OR	cpe:2.3:a:nec:expresscluster_x::::::windows::*
	cpe:2.3:a:nec:expresscluster_x_singleserversafe::::::windows::*

References

Link	Resource
https://jpn.nec.com/security-info/secinfo/nv22-014_en.html	Vendor Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: NEC

Published: 2022-11-08T00:00:00

Updated: 2022-11-08T00:00:00

Reserved: 2022-06-29T00:00:00

Link: CVE-2022-34824

JSON object: View

NVD Information

Status : Analyzed

Published: 2022-11-08T22:15:14.353

Modified: 2022-11-09T16:30:46.913

Link: CVE-2022-34824

JSON object: View

Redhat Information

No data.

CWE

CWE-276

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:nec:expresscluster_x:*:*:*:*:*:windows:*:*", "matchCriteriaId": "24FBE714-4A8F-420F-9D08-D927B8C3E4C5", "versionEndIncluding": "5.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:nec:expresscluster_x_singleserversafe:*:*:*:*:*:windows:*:*", "matchCriteriaId": "591AE130-A2FE-413E-B92E-2468A6E65A6B", "versionEndIncluding": "5.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Weak File and Folder Permissions vulnerability in CLUSTERPRO X 5.0 for Windows and earlier, EXPRESSCLUSTER X 5.0 for Windows and earlier, CLUSTERPRO X 5.0 SingleServerSafe for Windows and earlier, EXPRESSCLUSTER X 5.0 SingleServerSafe for Windows and earlier allows a remote unauthenticated attacker to overwrite existing files on the file system and to potentially execute arbitrary code."}, {"lang": "es", "value": "Vulnerabilidad de permisos d\u00e9biles de archivos y carpetas en CLUSTERPRO X 5.0 para Windows y versiones anteriores, EXPRESSCLUSTER X 5.0 para Windows y versiones anteriores, CLUSTERPRO X 5.0 SingleServerSafe para Windows y versiones anteriores, EXPRESSCLUSTER X 5.0 SingleServerSafe para Windows y versiones anteriores permite que un atacante remoto no autenticado sobrescriba archivos existentes en el sistema de archivos y potencialmente ejecutar c\u00f3digo arbitrario."}], "id": "CVE-2022-34824", "lastModified": "2022-11-09T16:30:46.913", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2022-11-08T22:15:14.353", "references": [{"source": "psirt-info@cyber.jp.nec.com", "tags": ["Vendor Advisory"], "url": "https://jpn.nec.com/security-info/secinfo/nv22-014_en.html"}], "sourceIdentifier": "psirt-info@cyber.jp.nec.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-276"}], "source": "nvd@nist.gov", "type": "Primary"}]}