CVE-2022-39197 is a vulnerability in HelpSystems Cobalt Strike
Published on September 22, 2022

An XSS (Cross Site Scripting) vulnerability was found in HelpSystems Cobalt Strike through 4.7 that allowed a remote attacker to execute HTML on the Cobalt Strike teamserver. To exploit the vulnerability, one must first inspect a Cobalt Strike payload, and then modify the username field in the payload (or create a new payload with the extracted information and then modify that username field to be malformed).


Known Exploited Vulnerability

This Fortra Cobalt Strike Teamserver Cross-Site Scripting (XSS) Vulnerability is part of CISA's list of Known Exploited Vulnerabilities. Fortra Cobalt Strike contains a cross-site scripting (XSS) vulnerability in Teamserver that would allow an attacker to set a malformed username in the Beacon configuration, allowing them to execute code remotely.

The following remediation steps are recommended / required by April 20, 2023: Apply updates per vendor instructions.

Vulnerability Analysis

CVE-2022-39197 can be exploited with network access and requires user interaction. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 2.8 out of four. An exploit of this vulnerability is considered to have a small impact on confidentiality and integrity, and no impact on availability.

What is an XSS Vulnerability?

The software does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

CVE-2022-39197 has been classified as an XSS vulnerability or weakness.


Products Associated with CVE-2022-39197


What versions of Cobalt Strike are vulnerable to CVE-2022-39197?