CVE-2022-25152 - OpenCVE

The ITarian platform (SAAS / on-premise) offers the possibility to run code on agents via a function called procedures. It is possible to require a mandatory approval process. Due to a vulnerability in the approval process, present in any version prior to 6.35.37347.20040, a malicious actor (with a valid session token) can create a procedure, bypass approval, and execute the procedure. This results in the ability for any user with a valid session token to perform arbitrary code execution and full system take-over on all agents.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Changed

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication Single

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

AV:N/AC:L/Au:S/C:C/I:C/A:C

This CVE is not in the KEV list.

Exploitation none

Automatable yes

Technical Impact total

Vendors	Products
Itarian	On-premise Saas Service Desk

Configuration 1 [-]

OR	cpe:2.3:a:itarian:on-premise::::::::
	cpe:2.3:a:itarian:saas_service_desk::::::::

No data.

References

Link	Providers
https://csirt.divd.nl/CVE-2022-25152
https://csirt.divd.nl/DIVD-2021-00037

History

Wed, 18 Sep 2024 08:30:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}`

MITRE

Status: PUBLISHED

Assigner: DIVD

Published: 2022-06-08T00:00:00Z

Updated: 2024-09-17T04:29:43.000Z

Reserved: 2022-02-14T00:00:00

Link: CVE-2022-25152

Vulnrichment

Updated: 2024-08-03T04:29:01.861Z

NVD

Status : Analyzed

Published: 2022-06-09T17:15:08.847

Modified: 2022-06-16T14:56:22.063

Link: CVE-2022-25152

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "ITarian platform (SAAS / on-premise)", "vendor": "ITarian", "versions": [{"lessThan": "6.35.37347.20040", "status": "affected", "version": "any version", "versionType": "custom"}]}], "credits": [{"lang": "en", "value": "This issue was discovered by Wietse Boonstra & Hidde Smit of DIVD."}], "datePublic": "2022-02-23T00:00:00", "descriptions": [{"lang": "en", "value": "The ITarian platform (SAAS / on-premise) offers the possibility to run code on agents via a function called procedures. It is possible to require a mandatory approval process. Due to a vulnerability in the approval process, present in any version prior to 6.35.37347.20040, a malicious actor (with a valid session token) can create a procedure, bypass approval, and execute the procedure. This results in the ability for any user with a valid session token to perform arbitrary code execution and full system take-over on all agents."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.9, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", "version": "3.1"}}], "problemTypes": [{"descriptions": [{"cweId": "CWE-358", "description": "CWE-358 Improperly Implemented Security Check for Standard", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "b87402ff-ae37-4194-9dae-31abdbd6f217", "shortName": "DIVD", "dateUpdated": "2024-08-06T12:32:40.482Z"}, "references": [{"tags": ["x_refsource_CONFIRM", "related"], "url": "https://csirt.divd.nl/DIVD-2021-00037"}, {"tags": ["x_refsource_CONFIRM", "third-party-advisory"], "url": "https://csirt.divd.nl/CVE-2022-25152"}], "source": {"advisory": "DIVD-2021-00037", "discovery": "INTERNAL"}, "title": "ITarian - Any user with a valid session token can create and execute agent procedures and bypass mandatory approvals", "x_generator": {"engine": "Vulnogram 0.0.9"}}, "adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2022-25152", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2024-05-23T16:47:46.842293Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-06-04T17:15:34.854Z"}}, {"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T04:29:01.861Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "related", "x_transferred"], "url": "https://csirt.divd.nl/DIVD-2021-00037"}, {"tags": ["x_refsource_CONFIRM", "third-party-advisory", "x_transferred"], "url": "https://csirt.divd.nl/CVE-2022-25152"}]}]}, "cveMetadata": {"assignerOrgId": "b87402ff-ae37-4194-9dae-31abdbd6f217", "assignerShortName": "DIVD", "cveId": "CVE-2022-25152", "datePublished": "2022-06-08T00:00:00Z", "dateReserved": "2022-02-14T00:00:00", "dateUpdated": "2024-09-17T04:29:43.000Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://csirt.divd.nl/DIVD-2021-00037", "tags": ["x_refsource_CONFIRM", "related", "x_transferred"]}, {"url": "https://csirt.divd.nl/CVE-2022-25152", "tags": ["x_refsource_CONFIRM", "third-party-advisory", "x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T04:29:01.861Z"}}, {"metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2022-25152", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2024-05-23T16:47:46.842293Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-05-23T16:47:59.332Z"}, "title": "CISA ADP Vulnrichment"}], "cna": {"title": "ITarian - Any user with a valid session token can create and execute agent procedures and bypass mandatory approvals", "source": {"advisory": "DIVD-2021-00037", "discovery": "INTERNAL"}, "credits": [{"lang": "en", "value": "This issue was discovered by Wietse Boonstra & Hidde Smit of DIVD."}], "metrics": [{"cvssV3_1": {"scope": "CHANGED", "version": "3.1", "baseScore": 9.9, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}}], "affected": [{"vendor": "ITarian", "product": "ITarian platform (SAAS / on-premise)", "versions": [{"status": "affected", "version": "any version", "lessThan": "6.35.37347.20040", "versionType": "custom"}]}], "datePublic": "2022-02-23T00:00:00", "references": [{"url": "https://csirt.divd.nl/DIVD-2021-00037", "tags": ["x_refsource_CONFIRM", "related"]}, {"url": "https://csirt.divd.nl/CVE-2022-25152", "tags": ["x_refsource_CONFIRM", "third-party-advisory"]}], "x_generator": {"engine": "Vulnogram 0.0.9"}, "descriptions": [{"lang": "en", "value": "The ITarian platform (SAAS / on-premise) offers the possibility to run code on agents via a function called procedures. It is possible to require a mandatory approval process. Due to a vulnerability in the approval process, present in any version prior to 6.35.37347.20040, a malicious actor (with a valid session token) can create a procedure, bypass approval, and execute the procedure. This results in the ability for any user with a valid session token to perform arbitrary code execution and full system take-over on all agents."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-358", "description": "CWE-358 Improperly Implemented Security Check for Standard"}]}], "providerMetadata": {"orgId": "b87402ff-ae37-4194-9dae-31abdbd6f217", "shortName": "DIVD", "dateUpdated": "2024-08-06T12:32:40.482Z"}}}, "cveMetadata": {"cveId": "CVE-2022-25152", "state": "PUBLISHED", "dateUpdated": "2024-09-17T04:29:43.000Z", "dateReserved": "2022-02-14T00:00:00", "assignerOrgId": "b87402ff-ae37-4194-9dae-31abdbd6f217", "datePublished": "2022-06-08T00:00:00Z", "assignerShortName": "DIVD"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:itarian:on-premise:*:*:*:*:*:*:*:*", "matchCriteriaId": "A3E27C42-2DFA-4FC5-8B05-C120E35ABE75", "versionEndExcluding": "6.35.37347.20040", "vulnerable": true}, {"criteria": "cpe:2.3:a:itarian:saas_service_desk:*:*:*:*:*:*:*:*", "matchCriteriaId": "D8F85257-D85E-4E07-9CDE-0CE2146E354B", "versionEndExcluding": "6.35.37347.20040", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "The ITarian platform (SAAS / on-premise) offers the possibility to run code on agents via a function called procedures. It is possible to require a mandatory approval process. Due to a vulnerability in the approval process, present in any version prior to 6.35.37347.20040, a malicious actor (with a valid session token) can create a procedure, bypass approval, and execute the procedure. This results in the ability for any user with a valid session token to perform arbitrary code execution and full system take-over on all agents."}, {"lang": "es", "value": "La plataforma ITarian (SAAS / on-premise) ofrece la posibilidad de ejecutar c\u00f3digo en los agentes por medio de una funci\u00f3n llamada procedimientos. Es posible requerir un proceso de aprobaci\u00f3n obligatorio. Debido a una vulnerabilidad en el proceso de aprobaci\u00f3n, presente en cualquier versi\u00f3n anterior a 6.35.37347.20040, un actor malicioso (con un token de sesi\u00f3n v\u00e1lido) puede crear un procedimiento, omitir la aprobaci\u00f3n y ejecutar el procedimiento. Esto resulta en la capacidad de cualquier usuario con un token de sesi\u00f3n v\u00e1lido para llevar a cabo la ejecuci\u00f3n de c\u00f3digo arbitrario y la toma de control total del sistema en todos los agentes"}], "id": "CVE-2022-25152", "lastModified": "2022-06-16T14:56:22.063", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "COMPLETE", "baseScore": 9.0, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.9, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.1, "impactScore": 6.0, "source": "csirt@divd.nl", "type": "Secondary"}]}, "published": "2022-06-09T17:15:08.847", "references": [{"source": "csirt@divd.nl", "tags": ["Third Party Advisory"], "url": "https://csirt.divd.nl/CVE-2022-25152"}, {"source": "csirt@divd.nl", "tags": ["Third Party Advisory"], "url": "https://csirt.divd.nl/DIVD-2021-00037"}], "sourceIdentifier": "csirt@divd.nl", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-358"}], "source": "csirt@divd.nl", "type": "Secondary"}]}