CVE-2022-24581

ACEweb Online Portal 3.5.065 allows unauthenticated SMB hash capture via UNC. By specifying the UNC file path of an external SMB share when uploading a file, an attacker can induce the victim server to disclose the username and password hash of the user executing the ACEweb Online software.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
7.5 HIGH
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 57%
VendorProductVersion
acewareaceweb_online_portal
𝑥
< 3.5.065
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://aceware.com
http://aceweb.com
https://www.aceware.com/forum/viewtopic.php?f=7&t=481
http://aceware.com
http://aceweb.com
https://www.aceware.com/forum/viewtopic.php?f=7&t=481