Uncontrolled Search Path Vulnerability in CLUSTERPRO and EXPRESSCLUSTER by NEC
CVE-2022-34825
9.8 CRITICAL
What is CVE-2022-34825?
The identified vulnerability in NEC's CLUSTERPRO and EXPRESSCLUSTER software could allow a remote attacker to manipulate the search path used during execution. This flaw enables untrusted input to influence the loading of executable binaries, potentially leading to the overwriting of files and the execution of arbitrary code within the system. Users operating affected versions are encouraged to apply security updates and follow recommended security practices to mitigate the risks associated with this vulnerability.
Affected Version(s)
CLUSTERPRO X 5.0 for Windows and earlier, EXPRESSCLUSTER X 5.0 for Windows and earlier, CLUSTERPRO X 5.0 SingleServerSafe for Windows and earlier, EXPRESSCLUSTER X 5.0 SingleServerSafe for Windows and earlier