The core vuln here is an info leak in ZK Framework, which - yep, you guessed it! - is a popular open-source Java library used to create enterprise mobile and web apps. Both Huntress and NCC Group have noted that this bug is being exploited in vulnerable ConnectWise R1Soft Server Backup Manager software to gain initial access to target systems and then do a variety of not-good things, including installing malicious JDBC database drivers to backdoor systems, deploying ransomware, and so on. The original advisory, NVD entry, and CVSS score are all predicated on the mere info leak, but as it turns out, other popular software that uses ZK Framework is vulnerable to full-on remote code execution via CVE-2022-36537.

Per various write-ups and public PoCs, the following seems to happen: the attacker uses CVE-2022-36537 to leak the contents of /Configuration/database-drivers.zul, which yields a unique secret ID value.
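One defender-side check the chain above suggests, as an added example that is not from the write-up or from either vendor: scan web-server access logs for requests that reference /Configuration/database-drivers.zul, either directly in the path or URL-encoded inside a query string, and note whether the server answered 200 (the contents were actually served). The log lines and the `/example-endpoint` name are constructed for this example and are not real ZK or R1Soft paths.

```python
import re
from urllib.parse import unquote

# Path the leak targets, taken from the write-up above.
SENSITIVE_PATHS = ("/configuration/database-drivers.zul",)

# Combined/common log format: client, timestamp, "METHOD target PROTO", status.
LOG_RE = re.compile(
    r'^(?P<client>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)

def decode_target(target: str) -> str:
    """URL-decode until stable so %252F-style double encoding cannot hide the path."""
    prev = None
    while prev != target:
        prev, target = target, unquote(target)
    return target.lower()

def flag_line(line: str):
    """Return a finding if the request references a sensitive .zul resource, else None."""
    m = LOG_RE.match(line)
    if not m:
        return None
    decoded = decode_target(m.group("target"))
    for path in SENSITIVE_PATHS:
        if path in decoded:
            return {
                "client": m.group("client"),
                "timestamp": m.group("ts"),
                "method": m.group("method"),
                "target": m.group("target"),
                "status": int(m.group("status")),
                "matched": path,
                # A 200 means the server served the content, i.e. the leak succeeded.
                "served": m.group("status") == "200",
            }
    return None

def scan(log_text: str):
    """Run flag_line over every line and keep only the hits."""
    return [f for f in (flag_line(l) for l in log_text.splitlines()) if f]

# Constructed sample lines (not real traffic); '/example-endpoint' is a placeholder.
SAMPLE_LOG = """\
203.0.113.7 - - [01/Mar/2023:10:01:02 +0000] "GET /login.zul HTTP/1.1" 200 3011 "-" "Mozilla/5.0"
203.0.113.7 - - [01/Mar/2023:10:01:09 +0000] "POST /example-endpoint?next=%252FConfiguration%252Fdatabase-drivers.zul HTTP/1.1" 200 5120 "-" "python-requests/2.28"
198.51.100.4 - - [01/Mar/2023:10:02:15 +0000] "GET /Configuration/database-drivers.zul HTTP/1.1" 403 212 "-" "Mozilla/5.0"
"""

if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print(finding)
```

A hit with `served` set to true on a host running the affected ZK-based software is a strong signal that the secret ID has already been exposed and the follow-on activity the write-up describes should be hunted for.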