Critical RCE Vulnerability Discovered in Popular Cobalt Strike Hacking Software
Security News, October 2022
HelpSystems, the company behind the Cobalt Strike software platform, has released an out-of-band security update to address a remote code execution vulnerability that could allow an attacker to take control of targeted systems.
Cobalt Strike is a commercial red-team framework that's mainly used for adversary simulation, but cracked versions of the software have been actively abused by ransomware operators and espionage-focused advanced persistent threat groups alike.
The issue, tracked as CVE-2022-42948, affects Cobalt Strike version 4.7.1 and stems from an incomplete patch released on September 20, 2022, for a cross-site scripting (XSS) vulnerability that could lead to remote code execution.
"The XSS vulnerability could be triggered by manipulating some client-side UI input fields, by simulating a Cobalt Strike implant check-in or by hooking a Cobalt Strike implant running on a host," IBM X-Force researchers Rio Sherri and Ruben Boonen said in a write-up.
Remote code execution was found to be reachable in specific cases through the Java Swing framework, the graphical user interface toolkit that the Cobalt Strike client is built with: Swing components render a string as HTML when it begins with an <html> tag, so attacker-controlled text that reaches such a component without being escaped is interpreted as markup rather than displayed literally.
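The escaping failure the advisory describes, as an added Java example that is not Cobalt Strike's code and not the X-Force researchers' code: a Swing JLabel treats a string starting with <html> as markup, so a value an implant reports at check-in (the hostname below is a constructed sample) is rendered as HTML unless it is escaped first or HTML rendering is switched off for that component. The class name, the escapeHtml helper and the rendersAsHtml check are assumptions made for this illustration; the html.disable client property and BasicHTML.propertyKey are standard Swing.

```java
import javax.swing.JLabel;
import javax.swing.plaf.basic.BasicHTML;

// Added example (not Cobalt Strike code): how a Swing JLabel turns unescaped
// attacker-controlled text into HTML, and two ways to stop it.
public class SwingHtmlEscapeDemo {

    // Escape the characters that give a string meaning as HTML markup.
    // Swing only looks for a leading "<html" to decide whether to render a
    // string as HTML, so escaping '<' removes the trigger; '&', '>' and '"'
    // are escaped too so data placed inside a legitimate <html> label cannot
    // alter that markup either.
    static String escapeHtml(String s) {
        StringBuilder sb = new StringBuilder(s.length());
        for (int i = 0; i < s.length(); i++) {
            char c = s.charAt(i);
            switch (c) {
                case '&':  sb.append("&amp;");  break;
                case '<':  sb.append("&lt;");   break;
                case '>':  sb.append("&gt;");   break;
                case '"':  sb.append("&quot;"); break;
                default:   sb.append(c);
            }
        }
        return sb.toString();
    }

    // True when Swing has attached an HTML renderer (the "html" client
    // property) to the component, i.e. its text is interpreted as markup.
    static boolean rendersAsHtml(JLabel label) {
        return label.getClientProperty(BasicHTML.propertyKey) != null;
    }

    // Vulnerable pattern: a value received from an implant is placed
    // straight into the UI component.
    static JLabel vulnerableLabel(String untrusted) {
        return new JLabel(untrusted);
    }

    // Fix 1: escape before display.
    static JLabel escapedLabel(String untrusted) {
        return new JLabel(escapeHtml(untrusted));
    }

    // Fix 2: disable HTML interpretation on the component. The property must
    // be set before the text, because the renderer is chosen when the text
    // property changes.
    static JLabel htmlDisabledLabel(String untrusted) {
        JLabel label = new JLabel();
        label.putClientProperty("html.disable", Boolean.TRUE);
        label.setText(untrusted);
        return label;
    }

    public static void main(String[] args) {
        // No window is needed: the renderer is attached when the text is set.
        System.setProperty("java.awt.headless", "true");

        // Constructed sample of a hostname an implant might report at check-in.
        String hostname = "<html><b>WORKSTATION-7</b> <i>injected markup</i>";

        System.out.println("isHTMLString:                 " + BasicHTML.isHTMLString(hostname));
        System.out.println("vulnerable renders as HTML:   " + rendersAsHtml(vulnerableLabel(hostname)));
        System.out.println("escaped renders as HTML:      " + rendersAsHtml(escapedLabel(hostname)));
        System.out.println("html.disable renders as HTML: " + rendersAsHtml(htmlDisabledLabel(hostname)));
        System.out.println("escaped text:                 " + escapeHtml(hostname));
    }
}
```

Compile and run with javac SwingHtmlEscapeDemo.java && java SwingHtmlEscapeDemo. Escaping is the right choice when the component legitimately mixes markup with data (a bold field name followed by an implant-supplied value), because the data must then be escaped at the point it is concatenated, not only when it happens to start a string; html.disable is the simpler choice for components that never need markup, since it closes the path regardless of where the text came from.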
The findings come a little over a week after the U.S. Department of Health and Human Services cautioned of the continued weaponization of legitimate tools such as Cobalt Strike in attacks aimed at the healthcare sector.
News URL
https://thehackernews.com/2022/10/critical-rce-vulnerability-discovered.html
Related Vulnerability
DATE | CVE | VULNERABILITY TITLE | RISK (CVSS base score)
---|---|---|---
2023-03-24 | CVE-2022-42948 | Improper Encoding or Escaping of Output vulnerability in HelpSystems Cobalt Strike 4.7.1: the software fails to properly escape HTML tags when they are displayed on Swing components. | 9.8