Cyber Resilience

CVE-2022-41572

Critical

Published: 07 January 2025

Published
07 January 2025
Modified
13 June 2025
KEV Added
Patch
CVSS Score v3.1 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS Score 0.0033 56.1th percentile
Risk Priority 20 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2022-41572 is a critical-severity Incorrect Default Permissions (CWE-276) vulnerability in Eyesofnetwork Eyesofnetwork. Its CVSS base score is 9.8 (Critical).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked in the top 43.9% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 AC-6 (Least Privilege) and CM-6 (Configuration Settings).

Deeper analysis

CVE-2022-41572 is a privilege escalation vulnerability in EyesOfNetwork (EON) through version 5.3.11. The issue stems from the ability to run the nmap tool as the root user on the server, which allows attackers to achieve total control over the affected system. It has been assigned CWE-276 (Incorrect Default Permissions) and a CVSS v3.1 base score of 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H), indicating critical severity due to its high impact on confidentiality, integrity, and availability.

Remote attackers require no privileges or user interaction to exploit this vulnerability over the network with low complexity. Successful exploitation grants full root access to the server, enabling complete compromise including data exfiltration, modification, or destruction, as well as potential use as a pivot for further attacks.

Advisories and further details are available in the EyesOfNetworkCommunity GitHub issue at https://github.com/EyesOfNetworkCommunity/eonweb/issues/120 and the Orange Cyberdefense CVE repository at https://github.com/Orange-Cyberdefense/CVE-repository/, which discuss the flaw and potential mitigations such as restricting nmap execution privileges.

EU & UK References

Vulnerability details

An issue was discovered in EyesOfNetwork (EON) through 5.3.11. Privilege escalation can be accomplished on the server because nmap can be run as root. The attacker achieves total control over the server.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1190 Exploit Public-Facing Application Initial Access
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
T1068 Exploitation for Privilege Escalation Privilege Escalation
Adversaries may exploit software vulnerabilities in an attempt to elevate privileges.
Why these techniques?

CVE directly describes remote exploitation of a public-facing app (EON web interface) via incorrect permissions allowing nmap execution as root, enabling full privilege escalation to root.

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

CVEs Like This One

CVE-2026-49157Shared CWE-276
CVE-2024-55215Shared CWE-276
CVE-2025-25535Shared CWE-276
CVE-2024-53351Shared CWE-276
CVE-2025-21532Shared CWE-276
CVE-2025-24176Shared CWE-276
CVE-2025-1789Shared CWE-276
CVE-2024-43769Shared CWE-276
CVE-2025-0543Shared CWE-276
CVE-2021-27285Shared CWE-276

Affected Assets

eyesofnetwork
eyesofnetwork
≤ 5.3-11

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

AC-6 Least Privilege directly prevents privilege escalation by restricting nmap execution to non-root privileges, addressing the core issue of incorrect default permissions allowing root access.

prevent

CM-7 Least Functionality prohibits unnecessary root-level execution of tools like nmap, limiting system capabilities to essential functions and mitigating total server control.

prevent

CM-6 Configuration Settings enforces secure baseline configurations for permissions and execution contexts of nmap, remediating the default permissions flaw (CWE-276).

References