PT-2023-15615 · Softperfect · Softperfect Networx

Giulia Melotti Garibaldi · Published 2023-01-24 · Updated 2023-02-06 · CVE-2022-48199

CVSS v3.1: 8.8 (High)

Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

SoftPerfect NetWorx version 7.1.1

Description

The issue allows an attacker to execute a malicious binary with potentially higher privileges via a low-privileged user account. This is achieved by abusing the Notifications function, which permits arbitrary binary execution and can be modified by any user. As a result, the binary execution occurs in the context of any user running the software. If the Notifications function is modified to execute a malicious binary, it will be executed by every user running the software on the system.

Recommendations

For SoftPerfect NetWorx version 7.1.1, consider disabling the Notifications function until a patch is available to prevent arbitrary binary execution. Restrict access to the Notifications function to minimize the risk of exploitation.

Fix

Incorrect Default Permissions

Weakness Enumeration

Related Identifiers

CVE-2022-48199

Affected Products

Softperfect Networx