File upload and overwrite to app_data/Config in SmarterTrack v100.0.8019.14010
CVE-2022-24387

9.1CRITICAL

Key Information:

Vendor: Smartertools
Status: Smartertrack
Vendor: CVE Published:; 14 March 2022

What is CVE-2022-24387?

With administrator or admin privileges the application can be tricked into overwriting files in app_data/Config folder, e.g. the systemsettings.xml file. THis is possible in SmarterTrack v100.0.8019.14010

Affected Version(s)

SmarterTrack 100.0.8019.x

References

https://csirt.divd.nl/DIVD-2021-00029

x_refsource_CONFIRMrelated

https://csirt.divd.nl/CVE-2022-24387/

x_refsource_CONFIRMthird-party-advisory

CVSS V3.1

Score:

9.1

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Changed

Timeline

Vulnerability published
Mar 14, 2022
Vulnerability Reserved
Feb 3, 2022

Credit

Wietse Boonstra of DIVD

Smartertools

What is CVE-2022-24387?

Affected Version(s)

References

CVSS V3.1

Timeline

Credit