CVE-2022-23862

HIGH

Y Soft SAFEQ 6 Build 53 - Privilege Escalation


Description

A Local Privilege Escalation issue was discovered in Y Soft SAFEQ 6 Build 53. The SafeQ JMX service running on port 9696 is vulnerable to JMX MLet attacks. Because the service does not enforce authentication and runs under the "NT Authority\System" user, an attacker can use the vulnerability to execute arbitrary code and elevate to the system user.

Exploits (1)

nomisec WRITEUP 1 stars
by mbadanoiu · poc
https://github.com/mbadanoiu/CVE-2022-23862

Scores

CVSS v3 7.8
EPSS 0.0180
EPSS Percentile 82.9%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation poc
Automatable no
Technical Impact total

Details

CWE CWE-306
Status published
Products (1)
ysoft/safeq 6.0 build53
Published Oct 22, 2024
Tracked Since Feb 18, 2026