Vulnerability Details : CVE-2022-30333

Public exploit exists!
Used for ransomware!
RARLAB UnRAR before 6.12 on Linux and UNIX allows directory traversal to write to files during an extract (aka unpack) operation, as demonstrated by creating a ~/.ssh/authorized_keys file. NOTE: WinRAR and Android RAR are unaffected.
Published 2022-05-09 08:15:07
Updated 2025-03-13 15:35:00
Source MITRE
View at NVD,   CVE.org
Vulnerability category: Directory traversal

Products affected by CVE-2022-30333

CVE-2022-30333 is in the CISA Known Exploited Vulnerabilities Catalog

This issue is known to have been leveraged as part of a ransomware campaign.
CISA vulnerability name:
RARLAB UnRAR Directory Traversal Vulnerability
CISA required action:
Apply updates per vendor instructions.
CISA description:
RARLAB UnRAR on Linux and UNIX contains a directory traversal vulnerability, allowing an attacker to write to files during an extract (unpack) operation.
Notes:
Vulnerability updated with version 6.12. Accessing link will download update information: https://www.rarlab.com/rar/rarlinux-x32-612.tar.gz; https://nvd.nist.gov/vuln/detail/CVE-2022-30333
Added on 2022-08-09 Action due date 2022-08-30

Exploit prediction scoring system (EPSS) score for CVE-2022-30333

EPSS FAQ
90.96%
Probability of exploitation activity in the next 30 days EPSS Score History
~ 100 %
Percentile, the proportion of vulnerabilities that are scored at or less

Metasploit modules for CVE-2022-30333

  • UnRAR Path Traversal in Zimbra (CVE-2022-30333)
    Disclosure Date: 2022-06-28
    First seen: 2022-12-23
    exploit/linux/http/zimbra_unrar_cve_2022_30333
    This module creates a RAR file that can be emailed to a Zimbra server to exploit CVE-2022-30333. If successful, it plants a JSP-based backdoor in the public web directory, then executes that backdoor. The core vulnerability is a path-traversal issue in unRAR
  • UnRAR Path Traversal (CVE-2022-30333)
    Disclosure Date: 2022-06-28
    First seen: 2022-12-23
    exploit/linux/fileformat/unrar_cve_2022_30333
    This module creates a RAR file that exploits CVE-2022-30333, which is a path-traversal vulnerability in unRAR that can extract an arbitrary file to an arbitrary location on a Linux system. UnRAR fixed this vulnerability in version 6.12 (open source version 6.

CVSS scores for CVE-2022-30333

Base Score Base Severity CVSS Vector Exploitability Score Impact Score Score Source First Seen
5.0
 MEDIUM AV:N/AC:L/Au:N/C:N/I:P/A:N
10.0
2.9
 NIST
7.5
 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
3.9
3.6
 134c704f-9b21-4f2e-91b3-4a467353bcc0 2025-01-29
7.5
 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
3.9
3.6
 NIST

CWE ids for CVE-2022-30333

  • The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.
    Assigned by:
    • 134c704f-9b21-4f2e-91b3-4a467353bcc0 (Secondary)
    • nvd@nist.gov (Primary)
  • The product attempts to access a file based on the filename, but it does not properly prevent that filename from identifying a link or shortcut that resolves to an unintended resource.
    Assigned by: 134c704f-9b21-4f2e-91b3-4a467353bcc0 (Secondary)

References for CVE-2022-30333

Jump to
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!
Accept Close