CVE-2022-4257

Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') (CWE-74)

Published: Dec 1, 2022 / Updated: 23mo ago

CVSS 9.8 / EPSS 0.11% / Critical

A vulnerability was found in C-DATA Web Management System and has been rated as critical. It affects unknown processing in the file cgi-bin/jumpto.php of the GET parameter handler: manipulation of the hostname argument leads to argument injection. The attack may be initiated remotely. An exploit has been publicly disclosed and may be used. The vulnerability is tracked as VDB-214631.

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Timeline

First Article

Feedly found the first article mentioning CVE-2022-4257.

Dec 1, 2022 at 1:37 PM / vuldb.com
Threat Intelligence Report

The vulnerability CVE-2022-4257 is a critical command injection vulnerability in the C-Data Web Management System. It allows remote attackers to execute arbitrary commands on the affected system. There are no known exploits in the wild, but proof-of-concept exploits are available. Mitigations and patches have not been released yet, and there are no reported downstream impacts on other vendors or technologies.

Feb 23, 2023 at 12:11 PM
EPSS

EPSS Score was set to: 0.11% (Percentile: 43.6%)

Sep 22, 2023 at 7:50 PM

Affected Systems

Cdatatec/c-data_web_management_system

Exploits

https://github.com/siriuswhiter/VulnHub/blob/main/C-Data/rce1.md

Proof Of Exploit

https://unit42.paloaltonetworks.com/mirai-variant-v3g4/

Links to MITRE ATT&CK

T1562.003: Impair Command History Logging

Attack Patterns

CAPEC-10: Buffer Overflow via Environment Variables

References

Bluepurple Pulse: week ending February 26th
Social Engineering - A Coinbase Case Study - Coinbase recently experienced a cybersecurity attack that targeted one of its employees; executives should read this to appreciate the lengths threat actors will go to (also notable for its transparency). The attackers were able to inject malicious inline JavaScript code into the targeted websites by exploiting a vulnerability.
IoT Devices Targeted by V3G4 Mirai
Threat actors are seen leveraging a Mirai botnet variant called V3G4 in several campaigns targeting 13 unpatched vulnerabilities found in a range of IoT devices to propagate. The threat actors behind Mirai were most recently observed exploiting a known critical vulnerability, CVE-2022-46169, found in the Cacti device monitoring tool.
Mirai Variant V3G4 Targets IoT Devices
Palo Alto Networks Next-Generation Firewall customers receive protections through cloud-delivered security services such as IoT Security, Advanced Threat Prevention, WildFire, and Advanced URL Filtering, which can help detect and block the exploit traffic and malware. However, samples from the September and December 2022 campaigns don’t contain the functions of vulnerability exploitation and brute force of credentials (this is shown in Figure 10).

News

Outbreak Alert: C-DATA Web Management System RCE Attack
This article describes the assessment of Remote Code Execution vulnerability in C-Data Web Management software. To configure the scan, it will be necessary to enable the FSE group signature 'cdata' which will select the underlying script: ‘CVE-2022-4257-CData-Web-Management-RCE-Vulnerability.’
FortiGuard Outbreak Alerts
The attack on PAN-OS GlobalProtect devices identified as CVE-2024-3400 allows a malicious actor to... FortiGuard Labs observed a critical level of attack attempts in the wild targeting a 2-year-old...
FortiGuard Outbreak Alert: C-DATA Web Management System RCE Attack
C-DATA Web Management System has a remote code execution vulnerability that allows attackers to send a specially crafted HTTP POST request to the application and execute arbitrary OS commands on the target system. FortiNDR Cloud users can use the following IOCs from Fortinet to hunt for "C-DATA Web Management System RCE Attack" related activity.
Outbreak Alert: C-DATA Web Management System RCE Attack
FortiRecon Digital Risk Protection (DRP), a SaaS-based service, includes External Attack Surface Management, Brand Protection, and Adversary Centric Intelligence. Adversary Centric Intelligence (ACI) leverages FortiGuard Threat Analysis to provide comprehensive coverage of dark web, open-source, and technical threat intelligence, including threat actor insights, enabling organizations to proactively assess risks, respond faster to incidents, better understand their attackers, and guard assets. The Vulnerability Intelligence Module under ACI provides a realistic view of the impact of the vulnerability based on chatter and discussion across external sources such as the dark web, social media, news and blogs.

CVE ID: CVE-2022-4257
CVE Title: C-DATA Web Management System GET Parameter cgi-bin/jumpto.php hostname argument injection
NVD Severity: CRITICAL
FortiRecon Severity: HIGH
FortiRecon Score: 70/100
Exploited: Yes
Exploited by Ransomware Group(s): No
Exploited by APT Group(s): No
Included in CISA KEV List: No
Available working exploit(s): 0
Available POC exploit(s): 0
Darknet Mention(s): 0
Telegram Mention(s): 0
FortiRecon Intelligence Reporting(s): 1 (OSINT)
Social Media Mention(s): 10
EASM Scanner: No
C-DATA Web Management System RCE Attack
FortiGuard Labs observed a critical level of attack attempts in the wild targeting a 2-year-old vulnerability found in C-DATA Web Management System. Recent news and incidents related to cybersecurity threats, encompassing events such as data breaches, cyber-attacks, security incidents, and newly discovered vulnerabilities.

CVSS V3.1

Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
Confidentiality: High
Integrity: High
Availability: High
