Cyber Resilience

CVE-2022-41158

HighRCE

Published: 25 November 2022

Published
25 November 2022
Modified
21 November 2024
KEV Added
Patch
CVSS Score v3.1 7.2 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
EPSS Score 0.0543 90.4th percentile
Risk Priority 18 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2022-41158 is a high-severity Path Traversal (CWE-22) vulnerability in Eyoom Eyoom Builder. Its CVSS base score is 7.2 (High).

Operationally, ranked in the top 9.6% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog.

Deeper analysis

CVE-2022-41158 is a remote code execution vulnerability that arises when cookie values are treated as file paths inside a builder program. The flaw maps to CWE-22 (path traversal) and CWE-94 (code injection) and carries a CVSS 3.1 base score of 7.2. No specific product name or version range is supplied in the available data.

An attacker who already possesses high-privileged credentials can supply a crafted cookie that causes the application to read or execute attacker-controlled content, resulting in arbitrary code execution on the affected system. The attack is network-reachable and requires no user interaction once privileged access is obtained.

The referenced KR-CERT advisory does not detail patches or work-arounds in the supplied record. EPSS remains flat at 0.0543 with no material increase after disclosure.

EU & UK References

Vulnerability details

Remote code execution vulnerability can be achieved by using cookie values as paths to a file by this builder program. A remote attacker could exploit the vulnerability to execute or inject malicious code.

CWE(s)

Related Threats

No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.

Affected Assets

eyoom
eyoom builder
≤ 4.5.3

Mitigating Controls

Likely Mitigating Controls AI

Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.

addresses: CWE-22 CWE-94

Validates pathnames and filenames to prevent traversal outside intended directories.

addresses: CWE-94

Makes persistent code injection into loaded programs impossible when the executable image itself resides on hardware-protected read-only media.

addresses: CWE-94

Dynamically generated code can be produced and executed inside the isolated chamber, preventing host compromise from code-injection payloads.

addresses: CWE-94

Directly prevents execution of attacker-supplied code written into data memory regions.

References