PT-2022-22376 · Unknown · Clusterpro X+3

Published: 2022-11-08 · Updated: 2022-11-09 · CVE-2022-34824

CVSS v3.1: 9.8 (Critical)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

CLUSTERPRO X versions 5.0 and earlier
EXPRESSCLUSTER X versions 5.0 and earlier
CLUSTERPRO X SingleServerSafe versions 5.0 and earlier
EXPRESSCLUSTER X SingleServerSafe versions 5.0 and earlier

Description

The issue allows a remote unauthenticated attacker to overwrite existing files on the file system and to potentially execute arbitrary code. This is due to weak file and folder permissions in the affected software.

Recommendations

For CLUSTERPRO X versions 5.0 and earlier, update to a version that addresses the weak file and folder permissions issue.
For EXPRESSCLUSTER X versions 5.0 and earlier, update to a version that addresses the weak file and folder permissions issue.
For CLUSTERPRO X SingleServerSafe versions 5.0 and earlier, update to a version that addresses the weak file and folder permissions issue.
For EXPRESSCLUSTER X SingleServerSafe versions 5.0 and earlier, update to a version that addresses the weak file and folder permissions issue.

Fix

Weakness Enumeration

Incorrect Default Permissions

Related Identifiers

CVE-2022-34824

Affected Products

Clusterpro X
Clusterpro X Singleserversafe
Expresscluster X
Expresscluster X Singleserversafe