Vulnerability Details CVE-2022-27963
Xftp 7.0.0088p and below contains a binary hijack vulnerability which allows attackers to execute arbitrary code via a crafted .exe file.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 35.5%
CVSS Severity
CVSS v3 Score 6.5
CVSS v2 Score 6.9
References
- https://github.com/ycdxsb/Vuln/tree/main/NetSarang-CreateProcessW-Misuse-Binary-Hijack/Xftp-CreateProcessW-Misuse-Binary-Hijack
- https://www.netsarang.com/en/xftp-update-history/
- https://github.com/ycdxsb/Vuln/tree/main/NetSarang-CreateProcessW-Misuse-Binary-Hijack/Xftp-CreateProcessW-Misuse-Binary-Hijack
- https://www.netsarang.com/en/xftp-update-history/
Products affected by CVE-2022-27963
-
cpe:2.3:a:netsarang:xftp:6.0076
-
cpe:2.3:a:netsarang:xftp:6.0079
-
cpe:2.3:a:netsarang:xftp:6.0080
-
cpe:2.3:a:netsarang:xftp:6.0083
-
cpe:2.3:a:netsarang:xftp:6.0085
-
cpe:2.3:a:netsarang:xftp:6.0088
-
cpe:2.3:a:netsarang:xftp:6.0089
-
cpe:2.3:a:netsarang:xftp:6.0092
-
cpe:2.3:a:netsarang:xftp:6.0095
-
cpe:2.3:a:netsarang:xftp:6.0101
-
cpe:2.3:a:netsarang:xftp:6.0103
-
cpe:2.3:a:netsarang:xftp:6.0105
-
cpe:2.3:a:netsarang:xftp:6.0108
-
cpe:2.3:a:netsarang:xftp:6.0109
-
cpe:2.3:a:netsarang:xftp:6.0111
-
cpe:2.3:a:netsarang:xftp:6.0115
-
cpe:2.3:a:netsarang:xftp:6.0119
-
cpe:2.3:a:netsarang:xftp:6.0140
-
cpe:2.3:a:netsarang:xftp:6.0143
-
cpe:2.3:a:netsarang:xftp:6.0149
-
cpe:2.3:a:netsarang:xftp:6.0150
-
cpe:2.3:a:netsarang:xftp:6.0164
-
cpe:2.3:a:netsarang:xftp:6.0169
-
cpe:2.3:o:microsoft:windows:-