CRITICAL SEVERITY
CVE-2022-42948 Fortra · Cobalt Strike

Fortra Cobalt Strike User Interface Remote Code Execution Vulnerability

Technical Severity

CVSS v3.1 Metrics

CRITICAL
9.8 / 10
Vector Specification
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Exploitation Likelihood

EPSS Prediction

Predictive Probability
19.51%
Percentile Rank
95.2th

Documented as more likely to be exploited than 95.2% of known CVEs.

Detection Date

Mar 30, 2023

Remediation Due

Apr 20, 2023

CISA Catalog Active

Threat Analysis

Fortra Cobalt Strike User Interface contains an unspecified vulnerability rooted in Java Swing that may allow remote code execution.

Remediation Directive

Apply updates per vendor instructions.

External Intelligence