Xshell v7.0.0099 and below contains a binary hijack vulnerability which allows attackers to execute arbitrary code via a crafted .exe file.
References
| Link | Resource |
|---|---|
| https://github.com/ycdxsb/Vuln/blob/main/NetSarang-CreateProcessW-Misuse-Binary-Hijack/Xshell-CreateProcessW-Misuse-Binary-Hijack | Exploit Third Party Advisory |
| https://www.netsarang.com/en/xshell-update-history/ | Release Notes Vendor Advisory |
Configurations
Configuration 1 (hide)
| AND |
|
History
08 Apr 2022, 14:59
| Type | Values Removed | Values Added |
|---|---|---|
| CWE | CWE-428 | |
| References | (MISC) https://github.com/ycdxsb/Vuln/blob/main/NetSarang-CreateProcessW-Misuse-Binary-Hijack/Xshell-CreateProcessW-Misuse-Binary-Hijack - Exploit, Third Party Advisory | |
| References | (MISC) https://www.netsarang.com/en/xshell-update-history/ - Release Notes, Vendor Advisory | |
| CVSS |
v2 : v3 : |
v2 : 6.9
v3 : 6.5 |
| First Time |
Microsoft windows
Netsarang xshell Netsarang Microsoft |
|
| CPE | cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:* cpe:2.3:a:netsarang:xshell:*:*:*:*:*:*:*:* |
31 Mar 2022, 23:15
| Type | Values Removed | Values Added |
|---|---|---|
| New CVE |
Information
Published : 2022-03-31 23:15
Updated : 2023-12-10 14:22
NVD link : CVE-2022-27966
Mitre link : CVE-2022-27966
CVE.ORG link : CVE-2022-27966
JSON object : View
Products Affected
microsoft
- windows
netsarang
- xshell
CWE
CWE-428
Unquoted Search Path or Element