I. Basic Information for CVE-2022-25152
Vulnerability Information


Vulnerability Title
ITarian - Any user with a valid session token can create and execute agent procedures and bypass mandatory approvals
Source: NVD (National Vulnerability Database)
Vulnerability Description
The ITarian platform (SAAS / on-premise) offers the possibility to run code on agents via a function called procedures. It is possible to require a mandatory approval process. Due to a vulnerability in the approval process, present in any version prior to 6.35.37347.20040, a malicious actor (with a valid session token) can create a procedure, bypass approval, and execute the procedure. This results in the ability for any user with a valid session token to perform arbitrary code execution and full system take-over on all agents.
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
Source: NVD (National Vulnerability Database)
Vulnerability Type
Improperly Implemented Security Check for Standard
Source: NVD (National Vulnerability Database)
Vulnerability Title
ITarian Saas platform security vulnerability
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
ITarian is a remote access and IT management solution from the US company ITarian. It helps organizations connect and communicate with their customers and employees, and supports cross-team remote file access, system monitoring, troubleshooting, and operations management. ITarian Saas platform versions prior to 3.49.0 contain a security vulnerability that stems from a flaw in the approval process for running code via agents; an attacker who exploits it can execute arbitrary code and take over the system.
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
Vendor: ITarian | Product: ITarian platform (SAAS / on-premise) | Affected Versions: any version ~ 6.35.37347.20040 | CPE: -
II. Public POCs for CVE-2022-25152
No public POC found.
III. Intelligence Information for CVE-2022-25152
V. Comments for CVE-2022-25152

No comments yet