Strix
26.1K

CVE-2022-23862

HIGHCVSS 7.8/10EPSS 0.49%

Last modified

CVE-2022-23862 is a high-severity vulnerability rated 7.8/10 on the CVSS scale. A Local Privilege Escalation issue was discovered in Y Soft SAFEQ 6 Build 53. The SafeQ JMX service running on port 9696 is vulnerable to JMX MLet attacks. EPSS estimates a 0.49% chance of exploitation in the next 30 days.

Description

A Local Privilege Escalation issue was discovered in Y Soft SAFEQ 6 Build 53. The SafeQ JMX service running on port 9696 is vulnerable to JMX MLet attacks. Because the service did not enforce authentication and was running under the "NT Authority\System" user, an attacker is able to use the vulnerability to execute arbitrary code and elevate to the system user.

Metrics

CVSS 3.1
7.8/10

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS Probability
0.49%

38.2th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

Affected Software

VendorProductVersionsUpdate
YsoftSafeq6.0Build53

References

Timeline

Published
Last Modified
Status
Analyzed

Frequently Asked Questions

What is CVE-2022-23862?
A Local Privilege Escalation issue was discovered in Y Soft SAFEQ 6 Build 53. The SafeQ JMX service running on port 9696 is vulnerable to JMX MLet attacks. Because the service did not enforce authentication and was running under the "NT Authority\System" user, an attacker is able to use the vulnerability to execute arbitrary code and elevate to the system user.
How severe is CVE-2022-23862?
CVE-2022-23862 has a CVSS score of 7.8/10 (HIGH severity). The EPSS model estimates a 0.49% probability of exploitation in the next 30 days.
How do I fix CVE-2022-23862?
Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2022-23862?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST