Vulnerability Details CVE-2022-24562
In IOBit IOTransfer 4.3.1.1561, an unauthenticated attacker can send GET and POST requests to Airserv and gain arbitrary read/write access to the entire file-system (with admin privileges) on the victim's endpoint, which can result in data theft and remote code execution.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.66
EPSS Ranking 98.4%
CVSS Severity
CVSS v3 Score 9.8
CVSS v2 Score 10.0
References
- http://iobit.com
- http://iotransfer.com
- http://packetstormsecurity.com/files/167775/IOTransfer-4.0-Remote-Code-Execution.html
- https://medium.com/%40tomerp_77017/exploiting-iotransfer-insecure-api-cve-2022-24562-a2c4a3f9149d
- http://iobit.com
- http://iotransfer.com
- http://packetstormsecurity.com/files/167775/IOTransfer-4.0-Remote-Code-Execution.html
- https://medium.com/%40tomerp_77017/exploiting-iotransfer-insecure-api-cve-2022-24562-a2c4a3f9149d
Products affected by CVE-2022-24562
-
cpe:2.3:a:iobit:iotransfer:4.3.1.1561