In IOBit IOTransfer 4.3.1.1561, an unauthenticated attacker can send GET and POST requests to Airserv and gain arbitrary read/write access to the entire file-system (with admin privileges) on the victim's endpoint, which can result in data theft and remote code execution.
References
Link | Resource |
---|---|
http://iobit.com | Product Vendor Advisory |
http://iotransfer.com | Broken Link |
http://packetstormsecurity.com/files/167775/IOTransfer-4.0-Remote-Code-Execution.html | Exploit Third Party Advisory VDB Entry |
https://medium.com/%40tomerp_77017/exploiting-iotransfer-insecure-api-cve-2022-24562-a2c4a3f9149d |
Configurations
History
07 Nov 2023, 03:44
Type | Values Removed | Values Added |
---|---|---|
References |
|
|
08 Aug 2023, 14:21
Type | Values Removed | Values Added |
---|---|---|
CWE | CWE-306 |
27 Oct 2022, 16:05
Type | Values Removed | Values Added |
---|---|---|
References | (MISC) http://packetstormsecurity.com/files/167775/IOTransfer-4.0-Remote-Code-Execution.html - Exploit, Third Party Advisory, VDB Entry | |
References | (MISC) http://iobit.com - Product, Vendor Advisory | |
References | (MISC) http://iotransfer.com - Broken Link |
21 Jul 2022, 22:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
27 Jun 2022, 18:31
Type | Values Removed | Values Added |
---|---|---|
First Time |
Iobit
Iobit iotransfer |
|
CWE | CWE-287 | |
CPE | cpe:2.3:a:iobit:iotransfer:4.3.1.1561:*:*:*:*:*:*:* | |
CVSS |
v2 : v3 : |
v2 : 10.0
v3 : 9.8 |
References | (MISC) https://medium.com/@tomerp_77017/exploiting-iotransfer-insecure-api-cve-2022-24562-a2c4a3f9149d - Exploit, Third Party Advisory | |
References | (MISC) http://iobit.com - Product | |
References | (MISC) http://iotransfer.com - Product |
16 Jun 2022, 19:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2022-06-16 19:15
Updated : 2023-12-10 14:22
NVD link : CVE-2022-24562
Mitre link : CVE-2022-24562
CVE.ORG link : CVE-2022-24562
JSON object : View
Products Affected
iobit
- iotransfer
CWE
CWE-306
Missing Authentication for Critical Function