CVE-2022-41572
Published: 07 January 2025
Summary
CVE-2022-41572 is a critical-severity Incorrect Default Permissions (CWE-276) vulnerability in EyesOfNetwork (EON). Its CVSS base score is 9.8 (Critical).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). The CVE is ranked in the top 43.9% of CVEs by exploit likelihood and is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 AC-6 (Least Privilege) and CM-6 (Configuration Settings).
Deeper analysis
CVE-2022-41572 is a privilege escalation vulnerability in EyesOfNetwork (EON) through version 5.3.11. The issue stems from the ability to run the nmap tool as the root user on the server, which allows attackers to achieve total control over the affected system. It has been assigned CWE-276 (Incorrect Default Permissions) and a CVSS v3.1 base score of 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H), indicating critical severity due to its high impact on confidentiality, integrity, and availability.
Remote attackers require no privileges or user interaction to exploit this vulnerability over the network with low complexity. Successful exploitation grants full root access to the server, enabling complete compromise including data exfiltration, modification, or destruction, as well as potential use as a pivot for further attacks.
Advisories and further details are available in the EyesOfNetworkCommunity GitHub issue at https://github.com/EyesOfNetworkCommunity/eonweb/issues/120 and the Orange Cyberdefense CVE repository at https://github.com/Orange-Cyberdefense/CVE-repository/, which discuss the flaw and potential mitigations such as restricting nmap execution privileges.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2022-44764
Vulnerability details
An issue was discovered in EyesOfNetwork (EON) through 5.3.11. Privilege escalation can be accomplished on the server because nmap can be run as root. The attacker achieves total control over the server.
- CWE(s): CWE-276 (Incorrect Default Permissions)
Related Threats
MITRE ATT&CK Enterprise Techniques AI
Why these techniques?
The CVE directly describes remote exploitation of a public-facing application (the EON web interface) through incorrect permissions that allow nmap to be executed as root, enabling full privilege escalation to root.
Mitigating Controls
Mitigating Controls (NIST 800-53 r5) AI
AC-6 Least Privilege directly prevents privilege escalation by restricting nmap execution to non-root privileges, addressing the core issue of incorrect default permissions allowing root access.
CM-7 Least Functionality prohibits unnecessary root-level execution of tools like nmap, limiting system capabilities to essential functions and mitigating total server control.
CM-6 Configuration Settings enforces secure baseline configurations for permissions and execution contexts of nmap, remediating the default permissions flaw (CWE-276).