CVE-2022-39197: critical Cobalt Strike bug could lead to RCE attacks

Ddos September 21, 2022 2 min read
Image: buffaloverflow

HelpSystems, the maintainer of Cobalt Strike, has pushed out-of-band software updates for its adversary simulation tool to fix a critical-impact security vulnerability.

The flaw, now assigned the identifier CVE-2022-39197, has been described as an XSS vulnerability in the teamserver that affects Cobalt Strike versions prior to 4.7.1.

Cobalt Strike was one of the first public red team command and control frameworks. In 2020, HelpSystems acquired Cobalt Strike to add to its Core Security portfolio and pair with Core Impact. Today, Cobalt Strike is the go-to red team platform for many U.S. government, large business, and consulting organizations. However, Cobalt Strike is also widely used by hackers, including ransomware gangs, to infiltrate targeted networks.

The CVE-2022-39197 vulnerability exists in Cobalt Strike’s Beacon payload, which may allow an attacker to trigger XSS by setting a fake username in the Beacon configuration, thereby causing remote code execution on the CS Server.

“This would allow an attacker to set a malformed username in the Beacon configuration, allowing them to remotely execute code,” the advisory noted. An independent researcher identified as “Beichendream” has been credited with reporting the flaw to HelpSystems.

Image: buffaloverflow

To patch this flaw, the new Cobalt Strike version adds a new property, limits.beacons_xssvalidated (set to true), to the TeamServer.prop file. Users are advised to upgrade to Cobalt Strike version 4.7.1 to mitigate any potential threats.
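For operators who want to confirm the setting after upgrading, the following added example (not code from the article or from Cobalt Strike) audits a TeamServer.prop file for the property named above. It assumes the file uses simple Java-style `key=value` properties syntax, and it reports a missing property separately because the article does not say how an absent value is treated.

```python
"""Audit a Cobalt Strike TeamServer.prop for the CVE-2022-39197 XSS-validation switch."""
import sys

PROPERTY = "limits.beacons_xssvalidated"  # property name as given in the article


def parse_properties(text):
    """Parse simple Java-style .properties text (assumed format of TeamServer.prop)."""
    props = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#!":  # blank line or comment
            continue
        # The key ends at the first '=' or ':'; with neither, the value is empty.
        seps = [i for i in (line.find("="), line.find(":")) if i != -1]
        cut = min(seps, default=len(line))
        props[line[:cut].strip()] = line[cut + 1:].strip()  # last definition wins
    return props


def xss_validation_status(text):
    """Return 'enabled', 'disabled', 'absent' or 'invalid' for the property."""
    props = parse_properties(text)
    if PROPERTY not in props:
        return "absent"
    value = props[PROPERTY].lower()
    if value == "true":
        return "enabled"
    return "disabled" if value == "false" else "invalid"


if __name__ == "__main__":
    # Usage: python check_prop.py /path/to/TeamServer.prop  (path is site-specific)
    with open(sys.argv[1], encoding="utf-8") as fh:
        status = xss_validation_status(fh.read())
    print(f"{PROPERTY}: {status}")
    sys.exit(0 if status == "enabled" else 1)
```

The non-zero exit code for anything other than `enabled` lets the check run as a gate in a deployment script.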
