CVE-2022-39197 is a vulnerability in Helpsystems Cobalt Strike
Published on September 22, 2022
An XSS (Cross Site Scripting) vulnerability was found in HelpSystems Cobalt Strike through 4.7 that allowed a remote attacker to execute HTML on the Cobalt Strike teamserver. To exploit the vulnerability, one must first inspect a Cobalt Strike payload, and then modify the username field in the payload (or create a new payload with the extracted information and then modify that username field to be malformed).
Known Exploited Vulnerability
This Fortra Cobalt Strike Teamserver Cross-Site Scripting (XSS) Vulnerability is part of CISA's list of Known Exploited Vulnerabilities. Fortra Cobalt Strike contains a cross-site scripting (XSS) vulnerability in Teamserver that would allow an attacker to set a malformed username in the Beacon configuration, allowing them to execute code remotely.
The following remediation steps are recommended / required by April 20, 2023: Apply updates per vendor instructions.
Vulnerability Analysis
CVE-2022-39197 can be exploited with network access, requires user interaction. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 2.8 out of four. The potential impact of an exploit of this vulnerability is considered to have a small impact on confidentiality and integrity, and no impact on availability.
What is a XSS Vulnerability?
The software does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
CVE-2022-39197 has been classified to as a XSS vulnerability or weakness.
Products Associated with CVE-2022-39197
You can be notified by stack.watch whenever vulnerabilities like CVE-2022-39197 are published in these products:
What versions of Cobalt Strike are vulnerable to CVE-2022-39197?
- Helpsystems Cobalt Strike Up to Version 4.7