CVE-2022-23347
published 2022-03-21CVE-2022-23347: BigAnt Software BigAnt Server v5.6.06 was discovered to be vulnerable to directory traversal attacks.
PriorityP178high7.5CVSS 3.1
AVNACLPRNUINSUCHINAN
ITWEXPLOITVulnCheck KEV
Exploited in the wild
EPSS
13.12%
95.9th percentile
BigAnt Software BigAnt Server v5.6.06 was discovered to be vulnerable to directory traversal attacks.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| bigantsoft | bigant_server | — | — |
Detection & IOCsextracted from sources · hover to see the quote
url/index.php/Pan/ShareUrl/downloadSharedFile?true_path=../../../../../../windows/win.ini&file_name=win.ini↗
- →HTTP GET request to the vulnerable endpoint with directory traversal sequence in 'true_path' parameter targeting win.ini ↗
- →Response body contains Windows win.ini artifact strings indicating successful LFI exploitation ↗
- →Shodan query to identify exposed BigAnt Server instances ↗
- →FOFA query to identify exposed BigAnt Server instances ↗
- ·Vulnerability affects BigAnt Server version 5.6.06 specifically; other versions may not be affected ↗
- ·No authentication is required to exploit this vulnerability (PR:N, UI:N) ↗
CVSS provenance
nvdv3.17.5HIGHCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
nvdv2.05.0MEDIUMAV:N/AC:L/Au:N/C:P/I:N/A:N
vulncheck7.5HIGH
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-65p8-cv89-24c7: BigAnt Software BigAnt Server v5
ghsa_unreviewed·2022-03-22
CVE-2022-23347 [HIGH] CWE-22 GHSA-65p8-cv89-24c7: BigAnt Software BigAnt Server v5
BigAnt Software BigAnt Server v5.6.06 was discovered to be vulnerable to directory traversal attacks.
VulnCheck
bigantsoft bigant_server Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
vulncheck·2022·CVSS 7.5
CVE-2022-23347 [HIGH] bigantsoft bigant_server Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
bigantsoft bigant_server Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
BigAnt Software BigAnt Server v5.6.06 was discovered to be vulnerable to directory traversal attacks.
Affected: bigantsoft bigant_server
Required Action: Apply remediations or mitigations per vendor instructions or discontinue use of the product if remediation or mitigations are unavailable.
Exploitation References: https://dashboard.shadowserver.org/statistics/honeypot/vulnerability/map/?day=2023-11-13&host_type=src&vulnerability=cve-2022-23347; https://dashboard.shadowserver.org/statistics/honeypot/vulnerability/map/?day=2023-11-14&host_type=src&vulnerability=cve-2022-23347; https://dashboard.shadowserver.org/statistics/honeypot/vulnerability/map/?day=2023-11-15&host_type=src&vulne
No detection rules found.
Nuclei
BigAnt Server v5.6.06 - Local File Inclusion
nuclei·CVSS 7.5
CVE-2022-23347 [HIGH] BigAnt Server v5.6.06 - Local File Inclusion
BigAnt Server v5.6.06 - Local File Inclusion
BigAnt Server v5.6.06 is vulnerable to local file inclusion.
Template:
id: CVE-2022-23347
info:
name: BigAnt Server v5.6.06 - Local File Inclusion
author: 0x_Akoko
severity: high
description: BigAnt Server v5.6.06 is vulnerable to local file inclusion.
impact: |
Successful exploitation of this vulnerability can lead to unauthorized access to sensitive files, remote code execution, and potential compromise of the server.
remediation: |
Apply the latest patch or update provided by the vendor to fix the LFI vulnerability in BigAnt Server v5.6.06.
reference:
- https://github.com/bzyo/cve-pocs/tree/master/CVE-2022-23347
- https://nvd.nist.gov/vuln/detail/CVE-2022-23347
- http://bigant.com
- https://www.bigantsoft.com/
- https://github.com/ARPSynd
2022-03-21
Published
Exploited in the wild