Cyber Posture

CVE-2022-41572

Critical

Published: 07 January 2025
Modified: 13 June 2025
KEV Added:
Patch
CVSS Score: 9.8 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
EPSS Score: 0.0024 (47.3rd percentile)
Risk Priority: 20 (weighting: 60% EPSS, 20% KEV, 20% CVSS)

Description

An issue was discovered in EyesOfNetwork (EON) through 5.3.11. Privilege escalation can be accomplished on the server because nmap can be run as root. The attacker achieves total control over the server.

Security Summary

CVE-2022-41572 is a privilege escalation vulnerability in EyesOfNetwork (EON) through version 5.3.11. The issue stems from the ability to run the nmap tool as the root user on the server, which lets an attacker gain total control over the affected system. It has been assigned CWE-276 (Incorrect Default Permissions) and a CVSS v3.1 base score of 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H), indicating critical severity because of its high impact on confidentiality, integrity, and availability.

Remote attackers require no privileges or user interaction to exploit this vulnerability over the network with low complexity. Successful exploitation grants full root access to the server, enabling complete compromise including data exfiltration, modification, or destruction, as well as potential use as a pivot for further attacks.

Advisories and further details are available in the EyesOfNetworkCommunity GitHub issue at https://github.com/EyesOfNetworkCommunity/eonweb/issues/120 and the Orange Cyberdefense CVE repository at https://github.com/Orange-Cyberdefense/CVE-repository/, which discuss the flaw and potential mitigations such as restricting nmap execution privileges.
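The mitigation named above, restricting nmap execution privileges, is easiest to verify with a small audit script. The following is an added example and is not code from the page, from EyesOfNetwork, or from the linked advisories. The page does not say how nmap comes to run as root, so the script assumes the two usual mechanisms (a setuid-root nmap binary, or a sudoers rule naming nmap) and the conventional paths /usr/bin/nmap and /etc/sudoers; adjust both if your installation differs.

```shell
#!/bin/sh
# Added hardening check for an nmap-as-root condition (example, not EON's own code).
# Assumption: root execution comes from either a setuid bit on the nmap binary or
# an uncommented sudoers rule that names nmap; both are checked independently.

# Succeed (return 0) if PATH carries the setuid bit, so it runs as its owner.
is_setuid() {
    [ -u "$1" ]
}

# Succeed if a sudoers-style FILE contains an uncommented line mentioning nmap.
# Comment lines are dropped first so a commented-out rule does not count.
sudoers_mentions_nmap() {
    grep -v '^[[:space:]]*#' "$1" 2>/dev/null | grep -q 'nmap'
}

# Audit one nmap binary and one sudoers file. Prints each finding and returns
# 0 only when neither root-execution path is present.
audit_nmap() {
    bin="$1"
    sudoers="$2"
    rc=0
    if [ -e "$bin" ] && is_setuid "$bin"; then
        echo "FINDING: $bin is setuid (executes as its owner)"
        rc=1
    fi
    if [ -e "$sudoers" ] && sudoers_mentions_nmap "$sudoers"; then
        echo "FINDING: $sudoers contains an active rule naming nmap"
        rc=1
    fi
    if [ "$rc" -eq 0 ]; then
        echo "OK: no nmap-as-root path found"
    fi
    return "$rc"
}

# Remediation for the setuid case: clear the bit on the binary. A sudoers rule
# has to be removed with visudo instead; this function does not touch sudoers.
fix_setuid() {
    chmod u-s "$1"
}
```

Run it on a host with `audit_nmap /usr/bin/nmap /etc/sudoers`; a non-zero exit means at least one root-execution path is present. Note that `[ -u ]` reports only the mode bit, so a binary on a `nosuid` mount is still flagged, which is the conservative choice for an audit.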

Details

CWE(s)
CWE-276

Affected Products

Vendor: eyesofnetwork
Product: eyesofnetwork
Versions: ≤ 5.3-11

References