Skip links

Top 5 CVEs: Critical Vulnerabilities and Exploits in Cybersecurity

Jump To Section

In this month of our Top 5 CVEs, we will cover a few web-based CVEs that have a high impact and low complexity in execution. These vulnerabilities were selected based on their prevalence as well as the availability of public exploits.
Digital Transformation with Digital Business Methodology

In this month of our Top 5 CVEs, we will cover a few web-based CVEs that have a high impact and low complexity in execution. These vulnerabilities were selected based on their prevalence as well as the availability of public exploits.

The following CVEs will be covered on this month’s blog:

  1. CVE-2022-22965 – Spring4Shell
  2. CVE-2022-0847 – Linux Dirty Pipe
  3. CVE-2022-0441 – MasterStudy LMS WordPress Plugin – Unauthenticated Admin User Creation
  4. CVE-2022-0824 – Webmin Broken Access Control and Remote Code Execution
  5. CVE-2022-24706 – CouchDB Remote Privilege Escalation

CVE-2022-22965 – Spring4Shell

March 2022, a vulnerability was discovered by VMWare in the Java Spring Framework affecting Spring applications running Java 9. This vulnerability was named “Spring4Shell” as a play on Log4Shell, a vulnerability that was discovered the previous year 2021. The CVE identifier CVE-2022-22965 was assigned to this vulnerability.

This vulnerability allows attackers to execute remote command execution by uploading a web shell. The attack abuses data transmitted in HTTP requests and allows them to upload a malicious .jsp file by overwriting the Tomcat logging configuration. This can be easily achieved by using publicly available scripts and exploits.

This vulnerability affects JDK version 9 and newer.

References:

https://kb.vmware.com/s/article/88203

https://nvd.nist.gov/vuln/detail/cve-2022-22965

CVE-2022-0847 – Linux Dirty Pipe

Similar to the”Dirty Cow” exploit, Dirty Pipe (CVE-2022-0847) is a Linux kernel vulnerability that grants a low-priv user the ability to modify read-only files. This is due to the system call “splice()” which can be abused to splice a page into a pipe and overwriting the contents on the page.

Attackers can arbitrarily overwrite files on the OS such as the /etc/passwd file and grant compromised low privileged accounts to have elevated privilege and gain access on the machine as admin or root.

This vulnerability affects Linux Kernel versions 5.8 to 5.16.10, 5.15.24, and 5.10.101.

References:

https://dirtypipe.cm4all.com

https://nvd.nist.gov/vuln/detail/cve-2022-0847

CVE-2022-0441 – MasterStudy LMS WordPress Plugin – Unauthenticated Admin User Creation

The MasterStudy LMS is a WordPress plugin for online learning platforms. The plugin lets you build and sell courses on your website. A plugin before v2.7.6 is susceptible to a critical vulnerability which can allow the creation of admin accounts without authentication. This is due to an issue with the plugin not validating certain parameters when registering a new account.

There are multiple ways to run this exploit manually and using publicly available scripts. An attacker can also use tools such as Metasploit to easily carry out this attack.

Below is an example code of the json post data that is requested which adds a user to the admin group.

Source: msf module – auxiliary/admin/http/wp_masterstudy_privesc

json_post_data = JSON.pretty_generate({
‘user_login’ => username,
‘user_email’ => email,
‘user_password’ => password,
‘user_password_re’ => password,
‘become_instructor’ => ”,
‘privacy_policy’ => true,
‘degree’ => ”,
‘expertize’ => ”,
‘auditory’ => ”,
‘additional’ => [],
‘additional_instructors’ => [],
‘profile_default_fields_for_register’ => {
‘wp_capabilities’ => {
‘value’ => { ‘administrator’ => 1 }
}
}
})

References:

https://nvd.nist.gov/vuln/detail/cve-2022-0441

Metasploit Module Source Code:

https://github.com/rapid7/metasploit-framework/blob/master//modules/auxiliary/admin/http/wp_masterstudy_privesc.rb

CVE-2022-0824 – Webmin Broken Access Control and Remote Code Execution

Webmin is a free, open-source application and web control panel for Unix system administrators that can be accessed through any modern web browser. The interface allows you to setup user accounts, configure DNS, file sharing and more.

This year, a critical vulnerability was found on Webmin servers. A version of Webmin, v1.1984 has a vulnerable File Manager module that allows any unauthenticated low privilege user to access the File Manager module and allow them to execute malicious file uploads and gaining Remote Code Execution by crafting a payload via a .cgi file.

At the time of writing this blog, there are 17k+ downloads a week on sourceforge.net

The attack is achieved by the following steps:

  1. Attacker uses a web proxy such as Burpsuite or OWASP Zap to capture requests
  2. Register and log in as a low privileged user
  3. Create a .cgi file with a reverse shell payload
  4. Make the file available for download on an accessible server
  5. Setup a listener on the attacker machine
  6. Upload the malicious file via a POST request. (The file manager on webmin will download the malicious file)
  7. Access the file on the website folder to trigger the exploit and gain shell

The ease of this attack is not very difficult and can be executed on unpatched or out of date Webmin versions.

Reference:
https://nvd.nist.gov/vuln/detail/CVE-2022-0824

CVE-2022-24706 – CouchDB Remote Privilege Escalation

A critical vulnerability discovered by Alex Vandiver was found on Apache CouchDB prior to 3.2.2 which allowed an attacker to perform a privilege escalation technique with low complexity. The attacker would simply access an improperly secured default installation without authentication and gain elevated privileges.

The straightforwardness of this exploit makes it on our list as this does not require special tools and simply uses publicly accessible scripts. This affects all versions of CouchDB before 3.2.1 and affects the open epmd port 4369 and port 5984.

“Installations that do not expose the separate distribution port to external access are not vulnerable.”

Reference:

https://nvd.nist.gov/vuln/detail/CVE-2022-24706

https://docs.couchdb.org/en/stable/cve/2022-24706.html

Picture of Matthew Manalac

Matthew Manalac

Latest Reads

Subscribe

Suggested Reading

Ready to Unlock Your Enterprise's Full Potential?

Vikas Krishan

Chief Digital Business Officer and Head of the EMEA region

Vikas (Vik) Krishan serves as the Chief Digital Business Officer and Head of the EMEA region for Altimetrik. He is responsible for leading and growing the company’s presence across new and existing client relationships within the region.

Vik is a seasoned executive and brings over 25 years of global experience in Financial Services, Digital, Management Consulting, Pre- and Post-deal services and large/ strategic transformational programmes, gained in a variety of senior global leadership roles at firms such as Globant, HCL, Wipro, Logica and EDS and started his career within Investment Banking. He has developed significant cross industry experience across a wide variety of verticals, with a particular focus on working with and advising the C-Suite of Financial Institutions, Private Equity firms and FinTech’s on strategy and growth, operational excellence, performance improvement and digital adoption.

He has served as the engagement lead on multiple global transactions to enable the orchestration of business, technology, and operational change to drive growth and client retention.

Vik, who is based in London, serves as a trustee for the Burma Star Memorial Fund, is a keen photographer and an avid sportsman.

Megan Farrell Herrmanns

Chief Digital Officer, US Central

Megan is a senior business executive with a passion for empowering customers to reach their highest potential. She has depth and breadth of experience working across large enterprise and commercial customers, and across technical and industry domains. With a track record of driving measurable results, she develops trusted relationships with client executives to drive organizational growth, unlock business value, and internalize the use of digital business as a differentiator.

At Altimetrik, Megan is responsible for expanding client relationships and developing new business opportunities in the US Central region. Her focus is on digital business and utilizing her experience to create high growth opportunities for clients. Moreover, she leads the company’s efforts in cultivating and enhancing our partnership with Salesforce, strategically positioning our business to capitalize on new business opportunities.

Prior to Altimetrik, Megan spent 10 years leading Customer Success at Salesforce, helping customers maximize the value of their investments across their technology stack. Prior to Salesforce, Megan spent over 15 years with Accenture, leading large transformational projects for enterprise customers.

Megan earned a Bachelor of Science in Mechanical Engineering from Marquette University. Beyond work, Megan enjoys playing sand volleyball, traveling, watching her kids soccer games, and is actively involved in a philanthropy (Advisory Council for Cradles to Crayons).

Adaptive Clinical Trial Designs: Modify trials based on interim results for faster identification of effective drugs.Identify effective drugs faster with data analytics and machine learning algorithms to analyze interim trial results and modify.
Real-World Evidence (RWE) Integration: Supplement trial data with real-world insights for drug effectiveness and safety.Supplement trial data with real-world insights for drug effectiveness and safety.
Biomarker Identification and Validation: Validate biomarkers predicting treatment response for targeted therapies.Utilize bioinformatics and computational biology to validate biomarkers predicting treatment response for targeted therapies.
Collaborative Clinical Research Networks: Establish networks for better patient recruitment and data sharing.Leverage cloud-based platforms and collaborative software to establish networks for better patient recruitment and data sharing.
Master Protocols and Basket Trials: Evaluate multiple drugs in one trial for efficient drug development.Implement electronic data capture systems and digital platforms to efficiently manage and evaluate multiple drugs or drug combinations within a single trial, enabling more streamlined drug development
Remote and Decentralized Trials: Embrace virtual trials for broader patient participation.Embrace telemedicine, virtual monitoring, and digital health tools to conduct remote and decentralized trials, allowing patients to participate from home and reducing the need for frequent in-person visits
Patient-Centric Trials: Design trials with patient needs in mind for better recruitment and retention.Develop patient-centric mobile apps and web portals that provide trial information, virtual support groups, and patient-reported outcome tracking to enhance patient engagement, recruitment, and retention
Regulatory Engagement and Expedited Review Pathways: Engage regulators early for faster approvals.Utilize digital communication tools to engage regulatory agencies early in the drug development process, enabling faster feedback and exploration of expedited review pathways for accelerated approvals
Companion Diagnostics Development: Develop diagnostics for targeted recruitment and personalized treatment.Implement bioinformatics and genomics technologies to develop companion diagnostics that can identify patient subpopulations likely to benefit from the drug, aiding in targeted recruitment and personalized treatment
Data Standardization and Interoperability: Ensure seamless data exchange among research sites.Utilize interoperable electronic health record systems and health data standards to ensure seamless data exchange among different research sites, promoting efficient data aggregation and analysis
Use of AI and Predictive Analytics: Apply AI for drug candidate identification and data analysis.Leverage AI algorithms and predictive analytics to analyze large datasets, identify potential drug candidates, optimize trial designs, and predict treatment outcomes, accelerating the drug development process
R&D Investments: Improve the drug or expand indicationsUtilize computational modelling and simulation techniques to accelerate drug discovery and optimize drug development processes