Vulnerability Details : CVE-2022-1958
A vulnerability classified as critical has been found in FileCloud. Affected is an unknown function of the component NTFS Handler. The manipulation leads to improper access controls. It is possible to launch the attack remotely. Upgrading to version 21.3.5.18513 is able to address this issue. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-201960.
Vulnerability category: BypassGain privilege
Products affected by CVE-2022-1958
- cpe:2.3:a:filecloud:filecloud:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2022-1958
0.13%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 49 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2022-1958
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
4.0
|
MEDIUM | AV:N/AC:L/Au:S/C:P/I:N/A:N |
8.0
|
2.9
|
NIST | |
6.3
|
MEDIUM | CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L |
2.8
|
3.4
|
VulDB | |
6.3
|
MEDIUM | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L |
2.8
|
3.4
|
VulDB | 2024-02-29 |
6.5
|
MEDIUM | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N |
2.8
|
3.6
|
NIST |
CWE ids for CVE-2022-1958
-
The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.Assigned by: cna@vuldb.com (Primary)
References for CVE-2022-1958
-
https://www.filecloud.com/supportdocs/fcdoc/2v/server/security-advisories/2022-security-advisories/advisory-2022-06-01-potential-unauthorized-data-access-when-using-network-folders-with-ntfs-permissions
Advisory 2022-06/01 Potential Unauthorized Data Access When Using Network Folders with NTFS Permissions - FileCloud DocsVendor Advisory
-
https://vuldb.com/?ctiid.201960
Third Party Advisory
-
https://www.scip.ch/?news.20220615
Veröffentlichung von Schwachstelle in FileCloudThird Party Advisory
-
https://vuldb.com/?id.201960
CVE-2022-1958 | FileCloud NTFS access controlThird Party Advisory
Jump to