Exploit for #VU72081 Deserialization of Untrusted Data in IBM Aspera Faspex for Linux and IBM Aspera Faspex for Windows

Exploit for #VU72081 Deserialization of Untrusted Data in IBM Aspera Faspex for Linux and IBM Aspera Faspex for Windows

Published: 2023-02-09 | Updated: 2023-03-10

Vulnerability identifier: #VU72081

Vulnerability risk: Critical

CVSSv3.1: 9.4 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H/RL:O/RC:C]

CVE-ID: CVE-2022-47986

CWE-ID: CWE-502

Exploitation vector: Network

Exploits in database: 3

March 10, 2023
- CVE-2022-47986 (CVE-2022-47986: Python, Ruby, NMAP and Metasploit modules to exploit the vulnerability.) [Github]
February 9, 2023
- CVE-2022-47986 (Aspera Faspex Pre Auth RCE) [Github]
- Weaponized-CVEs (A collection of CVE's that are weaponized to exploit whatever PoC it is exploiting. Such as automatically dropping beacons and shells. ) [Github]

Impact: Code execution

Vulnerable software:
IBM Aspera Faspex for Linux
Web applications / Other software
IBM Aspera Faspex for Windows
Web applications / Other software

Vendor: IBM Corporation