Vulnerability Details: CVE-2022-39197
An XSS (Cross Site Scripting) vulnerability was found in HelpSystems Cobalt Strike through 4.7 that allowed a remote attacker to execute HTML on the Cobalt Strike teamserver. To exploit the vulnerability, one must first inspect a Cobalt Strike payload, and then modify the username field in the payload (or create a new payload with the extracted information and then modify that username field to be malformed).
Vulnerability category: Cross site scripting (XSS)
CVE-2022-39197 is in the CISA Known Exploited Vulnerabilities Catalog
CISA vulnerability name: Fortra Cobalt Strike Teamserver Cross-Site Scripting (XSS) Vulnerability
CISA required action: Apply updates per vendor instructions.
CISA description: Fortra Cobalt Strike contains a cross-site scripting (XSS) vulnerability in Teamserver that would allow an attacker to set a malformed username in the Beacon configuration, allowing them to execute code remotely.
Notes: https://www.cobaltstrike.com/blog/out-of-band-update-cobalt-strike-4-7-1/; https://nvd.nist.gov/vuln/detail/CVE-2022-39197
Added on: 2023-03-30
Action due date: 2023-04-20
Exploit prediction scoring system (EPSS) score for CVE-2022-39197
Probability of exploitation activity in the next 30 days: 0.77%
Percentile: ~81% (the proportion of vulnerabilities that are scored at or below this score)