CVE-2022-40870
Published 2022-11-23
Priority: P3 (44) · Severity: High · CVSS 3.1 base score: 8.1
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS: 1.05% (59.9th percentile)
The Web Client of Parallels Remote Application Server v18.0 is vulnerable to Host Header Injection attacks. This vulnerability allows attackers to execute arbitrary commands via a crafted payload injected into the Host header.
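The mechanism shared by every Host header injection bug is server-side code that copies the client-controlled Host value into something it generates (a redirect target, an absolute link, a script base). The page gives no detail on how that leads to the command execution the advisory claims, so the added example below sticks to the reflection pattern: the vulnerable URL-building routine, a hardened variant that only echoes an allow-listed host, and the check a practitioner runs on a probe response to confirm reflection. This is illustration code, not Parallels RAS code and not the IthacaLabs PoC; the hostnames, the `/login` path, the allow-list and the simulated 302 handler are assumptions.

```python
"""Host header injection: the vulnerable URL-building pattern, a hardened
variant, and a probe-response check. Added illustration only; not code from
Parallels RAS or from the advisory. Hostnames and paths are assumptions."""
import re

# Assumed deployment values (hypothetical): hosts the web client may be served as.
ALLOWED_HOSTS = {"ras.example.com", "ras.example.com:443"}
CANONICAL_HOST = "ras.example.com"

# Syntactic Host check: reg-name, IPv4 or bracketed IPv6, optional :port.
# Rejects values carrying '/', '@', '#', whitespace or other URL metacharacters.
_HOST_RE = re.compile(r"^(?:[A-Za-z0-9.-]+|\[[0-9A-Fa-f:.]+\])(?::\d{1,5})?$")


def absolute_url_vulnerable(headers: dict, path: str) -> str:
    """Bug class: trusts the client-supplied Host header when building an
    absolute URL (redirect target, password-reset link, script base)."""
    host = headers.get("host", "")
    return f"https://{host}{path}"


def absolute_url_hardened(headers: dict, path: str) -> str:
    """Only a syntactically valid, allow-listed Host value is echoed back;
    anything else (including a missing Host) is replaced by the canonical host."""
    host = headers.get("host", "").strip().lower()
    if not _HOST_RE.fullmatch(host) or host not in ALLOWED_HOSTS:
        host = CANONICAL_HOST
    return f"https://{host}{path}"


def host_reflected(injected: str, response_headers: dict, body: str) -> bool:
    """Probe verdict: the injected host surfaced in a Location header or in
    the response body (typically inside a generated absolute URL)."""
    needle = injected.lower()
    location = response_headers.get("location", "").lower()
    return needle in location or needle in body.lower()


# Constructed probe request with a crafted Host header, played through both
# handlers. Not a captured Parallels RAS exchange.
PROBE_REQUEST = {"host": "attacker.example", "user-agent": "probe/1.0"}
LOGIN_PATH = "/login"  # hypothetical path


def simulate(handler) -> dict:
    """Run a handler that answers the probe with a 302 to the login page and
    return what a scanner would record about the response."""
    target = handler(PROBE_REQUEST, LOGIN_PATH)
    response_headers = {"location": target}
    body = f'<a href="{target}">Continue</a>'
    return {
        "location": target,
        "reflected": host_reflected(PROBE_REQUEST["host"], response_headers, body),
    }


if __name__ == "__main__":
    for name, handler in (("vulnerable", absolute_url_vulnerable),
                          ("hardened", absolute_url_hardened)):
        print(name, simulate(handler))
```

Against a live target the same `host_reflected` check is applied to the real response of a request whose Host header is set to a domain you control; a hit in `Location` or in the body is the confirmation, and a hit in a cached response is the cache-poisoning variant. The hardened handler deliberately falls back to the canonical host rather than rejecting the request, so that HTTP/1.0 clients and health checks without a Host header keep working.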
Affected
1 range
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| parallels | remote_application_server | — | — |
CVSS provenance
NVD: CVSS v3.1 8.1 HIGH (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H)
CISA: 9.8 CRITICAL. Note: this score comes from the CISA KEV entry for CVE-2021-40870 (Aviatrix Controller, listed further down), a different vulnerability that shares only the numeric suffix; it does not describe CVE-2022-40870.
GHSA
GHSA-3mv9-6gw5-j7q6 · ghsa_unreviewed · 2022-11-23 · CVE-2022-40870 [HIGH] · CWE-116
The Web Client of Parallels Remote Application Server v18.0 is vulnerable to Host Header Injection attacks. This vulnerability allows attackers to execute arbitrary commands via a crafted payload injected into the Host header.
CISA
Note: the KEV entry below is for CVE-2021-40870 (Aviatrix Controller), not for CVE-2022-40870; it appears here only because of the shared numeric suffix and says nothing about the Parallels RAS issue.
Aviatrix Controller Unrestricted Upload of File
cisa · 2022-01-18 · CVSS 9.8
CVE-2021-40870 [CRITICAL] CWE-25 Aviatrix Controller Unrestricted Upload of File
Vulnerability: Aviatrix Controller Unrestricted Upload of File
Affected: Aviatrix Aviatrix Controller
Unrestricted upload of a file with a dangerous type is possible, which allows an unauthenticated user to execute arbitrary code via directory traversal.
Required Action: Apply updates per vendor instructions.
Notes: https://nvd.nist.gov/vuln/detail/CVE-2021-40870
Remediation Due Date: 2022-02-01
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
References
- https://github.com/IthacaLabs/Parallels/blob/main/ParallelsRemoteApplicationServer/HHI_CVE-2022-40870.txt
- https://github.com/IthacaLabs/Parallels/tree/main/ParallelsRemoteApplicationServer