CVE-2022-39197 - OpenCVE

An XSS (Cross Site Scripting) vulnerability was found in HelpSystems Cobalt Strike through 4.7 that allowed a remote attacker to execute HTML on the Cobalt Strike teamserver. To exploit the vulnerability, one must first inspect a Cobalt Strike payload, and then modify the username field in the payload (or create a new payload with the extracted information and then modify that username field to be malformed).

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Changed

Confidentiality Impact Low

Integrity Impact Low

Availability Impact None

User Interaction Required

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Helpsystems	Cobalt Strike

Configuration 1 [-]

cpe:2.3:a:helpsystems:cobalt_strike:*:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://www.cobaltstrike.com/blog/out-of-band-update-cobalt-strike-4-7-1/
https://www.cobaltstrike.com/blog/tag/release/

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2022-09-22T00:43:41

Updated: 2024-08-03T12:00:42.454Z

Reserved: 2022-09-02T00:00:00

Link: CVE-2022-39197

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2022-09-22T01:15:11.963

Modified: 2022-09-22T19:57:02.237

Link: CVE-2022-39197

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "descriptions": [{"lang": "en", "value": "An XSS (Cross Site Scripting) vulnerability was found in HelpSystems Cobalt Strike through 4.7 that allowed a remote attacker to execute HTML on the Cobalt Strike teamserver. To exploit the vulnerability, one must first inspect a Cobalt Strike payload, and then modify the username field in the payload (or create a new payload with the extracted information and then modify that username field to be malformed)."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2022-09-22T00:43:41", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://www.cobaltstrike.com/blog/tag/release/"}, {"tags": ["x_refsource_MISC"], "url": "https://www.cobaltstrike.com/blog/out-of-band-update-cobalt-strike-4-7-1/"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2022-39197", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "An XSS (Cross Site Scripting) vulnerability was found in HelpSystems Cobalt Strike through 4.7 that allowed a remote attacker to execute HTML on the Cobalt Strike teamserver. To exploit the vulnerability, one must first inspect a Cobalt Strike payload, and then modify the username field in the payload (or create a new payload with the extracted information and then modify that username field to be malformed)."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "https://www.cobaltstrike.com/blog/tag/release/", "refsource": "MISC", "url": "https://www.cobaltstrike.com/blog/tag/release/"}, {"name": "https://www.cobaltstrike.com/blog/out-of-band-update-cobalt-strike-4-7-1/", "refsource": "MISC", "url": "https://www.cobaltstrike.com/blog/out-of-band-update-cobalt-strike-4-7-1/"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T12:00:42.454Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://www.cobaltstrike.com/blog/tag/release/"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://www.cobaltstrike.com/blog/out-of-band-update-cobalt-strike-4-7-1/"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2022-39197", "datePublished": "2022-09-22T00:43:41", "dateReserved": "2022-09-02T00:00:00", "dateUpdated": "2024-08-03T12:00:42.454Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"cisaActionDue": "2023-04-20", "cisaExploitAdd": "2023-03-30", "cisaRequiredAction": "Apply updates per vendor instructions.", "cisaVulnerabilityName": "Fortra Cobalt Strike Teamserver Cross-Site Scripting (XSS) Vulnerability", "configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:helpsystems:cobalt_strike:*:*:*:*:*:*:*:*", "matchCriteriaId": "905488EB-B145-4B5C-BF01-F4D73B372A61", "versionEndIncluding": "4.7", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "An XSS (Cross Site Scripting) vulnerability was found in HelpSystems Cobalt Strike through 4.7 that allowed a remote attacker to execute HTML on the Cobalt Strike teamserver. To exploit the vulnerability, one must first inspect a Cobalt Strike payload, and then modify the username field in the payload (or create a new payload with the extracted information and then modify that username field to be malformed)."}, {"lang": "es", "value": "Se encontr\u00f3 una vulnerabilidad de tipo XSS (Cross Site Scripting) en HelpSystems Cobalt Strike versiones hasta 4.7 que permit\u00eda a un atacante remoto ejecutar HTML en el servidor de equipos de Cobalt Strike. Para explotar la vulnerabilidad, uno debe primero inspeccionar una carga \u00fatil de Cobalt Strike y, a continuaci\u00f3n, modificar el campo username en la carga \u00fatil (o crear una nueva carga \u00fatil con la informaci\u00f3n extra\u00edda y, a continuaci\u00f3n, modificar ese campo username para que est\u00e9 malformado)"}], "id": "CVE-2022-39197", "lastModified": "2022-09-22T19:57:02.237", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2022-09-22T01:15:11.963", "references": [{"source": "cve@mitre.org", "tags": ["Mitigation", "Vendor Advisory"], "url": "https://www.cobaltstrike.com/blog/out-of-band-update-cobalt-strike-4-7-1/"}, {"source": "cve@mitre.org", "tags": ["Release Notes", "Vendor Advisory"], "url": "https://www.cobaltstrike.com/blog/tag/release/"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-79"}], "source": "nvd@nist.gov", "type": "Primary"}]}