CVE-2022-42948
CVE-2022-42948
In short
Cobalt Strike 4.7.1 doesn't properly filter HTML code in its user interface, allowing attackers to inject malicious HTML that executes code when displayed. This lets remote attackers take control of the Cobalt Strike application itself.
Technical detail
CWE-116 (improper encoding/escaping) vulnerability in Cobalt Strike 4.7.1's Swing components allows HTML injection via unsanitized input. An attacker can craft malicious HTML payloads that execute arbitrary code within the Cobalt Strike UI context when rendered, requiring only the ability to send data displayed in the interface.
Summary generated and translated by AI from the official description.
Cobalt Strike 4.7.1 fails to properly escape HTML tags when they are displayed on Swing components. By injecting crafted HTML code, it is possible to remotely execute code in the Cobalt Strike UI.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Affected products
n/a · n/aWant to know if your infrastructure is exposed to this?
Talk to TrueHacking →References
https://thesecmaster.com/how-to-fix-cve-2022-42948-a-critical-rce-vulnerability-in-cobalt-strike/https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2022-42948https://www.cobaltstrike.com/blog/https://www.redpacketsecurity.com/helpsystems-cobalt-strike-code-execution-cve-2022-42948/