Vulnerability CVE-2022-1958

Vulnerability CVE-2022-1958

Published: 2022-06-15

Description:

A vulnerability classified as critical has been found in FileCloud. Affected is the NTFS handler which leads to improper access controls. It is possible to launch the attack remotely but it demands some form of authentication. Upgrading to version 21.3.5.18513 is able to address this issue. It is recommended to upgrade the affected component.

Type:

NVD-CWE-noinfo

CVSS2 => (AV:N/AC:L/Au:S/C:P/I:P/A:P)

CVSS Base Score	Impact Subscore	Exploitability Subscore
6.5/10	6.4/10	8/10

Exploit range	Attack complexity	Authentication
Remote	Low	Single time
Confidentiality impact	Integrity impact	Availability impact
Partial	Partial	Partial

Affected software
Filecloud -> Filecloud

References:

https://www.filecloud.com/supportdocs/fcdoc/2v/server/security-advisories/2022-security-advisories/advisory-2022-06-01-potential-unauthorized-data-access-when-using-network-folders-with-ntfs-permissions

https://vuldb.com/?id.201960

https://www.scip.ch/?news.20220615

Vulnerability CVE-2022-1958

NVD-CWE-noinfo

CVSS2 => (AV:N/AC:L/Au:S/C:P/I:P/A:P)

6.5/10

6.4/10

8/10

Remote

Low

Single time

Partial

Partial

Partial

Affected software

References: