CVE-2022-25216

An absolute path traversal vulnerability allows a remote attacker to download any file on the Windows file system for which the user account running DVDFab 12 Player (recently renamed PlayerFab) has read-access, by means of an HTTP GET request to http://<IP_ADDRESS>:32080/download/<URL_ENCODED_PATH>.

CVSS v3 7.5 HIGH
CVSS v2.0 7.8 HIGH

7.5^/10

CVSS v3 : HIGH

Vector :

Exploitability : 3.9 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

7.8^/10

CVSS v2.0 : HIGH

Vector : AV:N/AC:L/Au:N/C:C/I:N/A:N

Exploitability : 10.0 / Impact : 6.9

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact NONE

Availability Impact NONE

References

Link	Resource
https://www.tenable.com/security/research/tra-2022-07	Exploit Third Party Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:dvdfab:12_player::::::::
	cpe:2.3:a:dvdfab:playerfab::::::::

History

No history.

Information

Published : 2022-03-11 18:15

Updated : 2022-03-21 16:42

NVD link : CVE-2022-25216

Mitre link : CVE-2022-25216

CVE.ORG link : CVE-2022-25216

JSON object : View

Products Affected

dvdfab

playerfab
12_player

CWE

CWE-22

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

{"id": "CVE-2022-25216", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 7.8, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:C/I:N/A:N", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "COMPLETE"}, "acInsufInfo": false, "impactScore": 6.9, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 3.9}]}, "published": "2022-03-11T18:15:40.160", "references": [{"url": "https://www.tenable.com/security/research/tra-2022-07", "tags": ["Exploit", "Third Party Advisory"], "source": "vulnreport@tenable.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-22"}]}], "descriptions": [{"lang": "en", "value": "An absolute path traversal vulnerability allows a remote attacker to download any file on the Windows file system for which the user account running DVDFab 12 Player (recently renamed PlayerFab) has read-access, by means of an HTTP GET request to http://<IP_ADDRESS>:32080/download/<URL_ENCODED_PATH>."}, {"lang": "es", "value": "Una vulnerabilidad de salto de ruta absoluto permite a un atacante remoto descargar cualquier archivo del sistema de archivos de Windows para el que la cuenta de usuario que ejecuta el reproductor DVDFab 12 (recientemente rebautizado como PlayerFab) tenga acceso de lectura, mediante una petici\u00f3n HTTP GET a http://(IP_ADDRESS):32080/download/(URL_ENCODED_PATH)"}], "lastModified": "2022-03-21T16:42:27.790", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:dvdfab:12_player:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "04A49351-BCD5-4568-A944-F189FEBD1A8D", "versionEndIncluding": "6.2.11", "versionStartIncluding": "6.2.10"}, {"criteria": "cpe:2.3:a:dvdfab:playerfab:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1223532D-3620-44C6-8F6D-3E0E2FFC8D55", "versionEndIncluding": "7.0.0.5", "versionStartIncluding": "7.0.0.0"}], "operator": "OR"}]}], "sourceIdentifier": "vulnreport@tenable.com"}