The vulnerability causing from insufficient verification procedures for downloaded files during WebCube update. Remote attackers can bypass this verification logic to update both digitally signed and unauthorized files, enabling remote code execution.
References
Link | Resource |
---|---|
https://www.krcert.or.kr/krcert/secNoticeView.do?bulletin_writing_sequence=66876 | Third Party Advisory |
Configurations
Configuration 1 (hide)
AND |
|
History
19 Aug 2022, 12:47
Type | Values Removed | Values Added |
---|---|---|
CWE | CWE-346 | |
First Time |
Microsoft
Microsoft windows Teruten Teruten webcube |
|
References | (MISC) https://www.krcert.or.kr/krcert/secNoticeView.do?bulletin_writing_sequence=66876 - Third Party Advisory | |
CPE | cpe:2.3:a:teruten:webcube:*:*:*:*:*:*:*:* cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:* |
|
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 9.8 |
17 Aug 2022, 21:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2022-08-17 21:15
Updated : 2023-12-10 14:35
NVD link : CVE-2022-23764
Mitre link : CVE-2022-23764
CVE.ORG link : CVE-2022-23764
JSON object : View
Products Affected
microsoft
- windows
teruten
- webcube
CWE
CWE-346
Origin Validation Error