PT-2022-16734 · Unknown · Aceweb Online Portal

Published

2022-05-27

Updated

2022-06-11

CVE-2022-24581

CVSS v3.1

7.5

High

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions ACEweb Online Portal version 3.5.065

Description The issue allows unauthenticated SMB hash capture via UNC. By specifying the UNC file path of an external SMB share when uploading a file, an attacker can induce the victim server to disclose the username and password hash of the user executing the ACEweb Online software.

Recommendations For ACEweb Online Portal version 3.5.065, consider restricting access to the file upload functionality until a patch is available. As a temporary workaround, avoid using the UNC file path of an external SMB share when uploading files to minimize the risk of exploitation.

Fix

Unrestricted File Upload

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-434

Related Identifiers

CVE-2022-24581

Affected Products

Aceweb Online Portal

PT-2022-16734 · Unknown · Aceweb Online Portal

CVE-2022-24581

Weakness Enumeration

Related Identifiers

Affected Products

References · 5