Security Vulnerability in KioWare for Windows - KioScriptingUrlACL
CVE-2022-44875

5.4MEDIUM

Key Information:

Vendor: Kioware
Status: Kioware
Vendor: CVE Published:; 6 March 2023

Badges

👾 Exploit Exists

What is CVE-2022-44875?

The KioWare software for Windows versions up to 8.33 contains an improper access control vulnerability due to KioScriptingUrlACL.AclActions.AllowHigh being set for the about:blank origin. This misconfiguration enables attackers to execute JavaScript code through KioUtils.Execute, potentially leading to SYSTEM-level access and severe security breaches. Users and system administrators are advised to review the version history and implement necessary updates to mitigate this risk.

References

https://www.kioware.com/versionhistory.aspx?pid=15

https://github.com/olnor18/writeup/tree/master/CVE/CVE-20...

CVSS V3.1

Score:

5.4

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

🟡
Public PoC available
Jul 20, 2023
👾
Exploit known to exist
Jul 20, 2023
Vulnerability published
Mar 6, 2023
Vulnerability Reserved
Nov 7, 2022

Kioware

Badges

What is CVE-2022-44875?

References

CVSS V3.1

Timeline