CVE-2022-34824
Published 2022-11-08
CVE-2022-34824: Weak File and Folder Permissions vulnerability in CLUSTERPRO X 5.0 for Windows and earlier, EXPRESSCLUSTER X 5.0 for Windows and earlier, CLUSTERPRO X 5.0…
Priority P354 · critical · 9.8 (CVSS 3.1)
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS: 1.08% (61.1th percentile)
Weak File and Folder Permissions vulnerability in CLUSTERPRO X 5.0 for Windows and earlier, EXPRESSCLUSTER X 5.0 for Windows and earlier, CLUSTERPRO X 5.0 SingleServerSafe for Windows and earlier, EXPRESSCLUSTER X 5.0 SingleServerSafe for Windows and earlier allows a remote unauthenticated attacker to overwrite existing files on the file system and to potentially execute arbitrary code.
Affected
8 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| fdkaac_project | fdkaac | >= 0 < 0.6.2-1ubuntu0.1~esm1 | 0.6.2-1ubuntu0.1~esm1 |
| fdkaac_project | fdkaac | >= 0 < 0.6.3-1ubuntu0.18.04.1~esm1 | 0.6.3-1ubuntu0.18.04.1~esm1 |
| fdkaac_project | fdkaac | >= 0 < 0.6.3-1ubuntu0.20.04.1~esm1 | 0.6.3-1ubuntu0.20.04.1~esm1 |
| fdkaac_project | fdkaac | >= 0 < 1.0.0-1ubuntu0.22.04.1~esm1 | 1.0.0-1ubuntu0.22.04.1~esm1 |
| fdkaac_project | fdkaac | >= 0 < 1.0.0-1ubuntu0.24.04.1~esm1 | 1.0.0-1ubuntu0.24.04.1~esm1 |
| nec | expresscluster_x | <= 5.0 | — |
| nec | expresscluster_x_singleserversafe | <= 5.0 | — |
| nec_corporation | clusterpro_x | — | — |
CVSS provenance
nvd · v3.1 · 9.8 CRITICAL · CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
osv · 5.5 MEDIUM
VulDB
NEC CLUSTERPRO X/EXPRESSCLUSTER X up to 5.0 on Windows permission (EUVD-2022-37730)
vuldb·2026-06-14·CVSS 9.8
CVE-2022-34824 [CRITICAL] NEC CLUSTERPRO X/EXPRESSCLUSTER X up to 5.0 on Windows permission (EUVD-2022-37730)
A vulnerability, which was classified as critical, has been found in NEC CLUSTERPRO X and EXPRESSCLUSTER X up to 5.0 on Windows. Impacted is an unknown function. Performing a manipulation results in permission issues.
This vulnerability is reported as CVE-2022-34824. The attack can be carried out remotely. No exploit exists.
OSV
fdkaac vulnerabilities
osv·2025-07-22·CVSS 5.5
CVE-2022-36148 fdkaac vulnerabilities
It was discovered that fdkaac did not correctly handle certain input. If a
user or automated system were tricked into opening a specially crafted
file, an attacker could possibly use this issue to cause a denial of
service. (CVE-2022-36148)
It was discovered that fdkaac did not correctly handle certain memory
operations. If a user or automated system were tricked into opening a
specially crafted file, an attacker could possibly use this issue to cause
a denial of service. (CVE-2022-37781, CVE-2023-34823, CVE-2023-34824)
GHSA
GHSA-jw3w-3gxw-82qw: Weak File and Folder Permissions vulnerability in CLUSTERPRO X 5
ghsa_unreviewed·2022-11-09
CVE-2022-34824 [CRITICAL] CWE-276 GHSA-jw3w-3gxw-82qw: Weak File and Folder Permissions vulnerability in CLUSTERPRO X 5
Weak File and Folder Permissions vulnerability in CLUSTERPRO X 5.0 for Windows and earlier, EXPRESSCLUSTER X 5.0 for Windows and earlier, CLUSTERPRO X 5.0 SingleServerSafe for Windows and earlier, EXPRESSCLUSTER X 5.0 SingleServerSafe for Windows and earlier allows a remote unauthenticated attacker to overwrite existing files on the file system and to potentially execute arbitrary code.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.