PT-2022-6232 · Apple+1 · Mdnsresponder.Exe+1

Published 2022-11-17 · Updated 2025-04-02 · CVE-2022-23748

CVSS v3.1: 7.8 High

Vector: AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

mDNSResponder.exe (affected versions not specified)
Audinate Dante Application Library version le1.2.0

Description

The issue is related to a DLL sideloading attack, in which the executable does not properly specify how to load the DLL: from which folder and under what conditions. This allows an attacker to use the valid and legitimate executable to load malicious files. The vulnerability is also associated with incorrect path handling in the Dante Discovery Process Control. Exploitation of this issue may enable a remote attacker to upload arbitrary files. The vulnerability has reportedly been used by the ToddyCat APT group in targeted attacks against telecoms and government ministries in Asia.

Recommendations

As a temporary workaround, consider restricting access to the mDNSResponder.exe executable until a patch is available. For Audinate Dante Application Library version le1.2.0, update to a newer version if available, or apply configuration changes to minimize the risk of exploitation. Restrict the use of the vulnerable DLL loading mechanism to prevent malicious file uploads. Avoid using the vulnerable mDNSResponder.exe executable in sensitive environments until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Weakness Enumeration

Untrusted Search Path

Related Identifiers

BDU:2023-00596
CVE-2022-23748

Affected Products

Audinate Dante Application Library
Mdnsresponder.Exe