CVE Radar
CVE-2022-35583
Severity: Critical | Product: Wkhtmltopdf
SVRS: 84
CVSSv3: 9.8
EPSS: 0.10658
Tags: In The Wild, Exploit Available
Vector string: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Publication date: 2022-08-22
Last modified: 2024-08-03
Security Intelligence Brief
1. What is this vulnerability and why does it matter?
CVE-2022-35583 is a Server-Side Request Forgery (SSRF) in wkhtmltopdf 0.12.6 (the CVE record spells the product "wkTOpdf"). wkhtmltopdf is a headless WebKit-based renderer that turns HTML into PDF, and it fetches every subresource the HTML references (iframes, images, stylesheets, scripts) from the network position of the server running it. If any part of the HTML is attacker-influenced, injecting an iframe whose src points at an internal IP address makes the server fetch that internal resource and embed the response in the generated PDF, which the attacker then downloads. That turns a document-generation feature into a probe of the internal network from behind the perimeter, and the content read back (admin panels, cloud metadata endpoints, unauthenticated internal services) is a common first step toward broader compromise.
2. What are the CVSS score, severity level, and disclosure details?
The CVSS v3.1 base score for CVE-2022-35583 is 9.8, Critical. The vector AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H describes exploitation over the network with low complexity, no privileges and no user interaction, with high impact on confidentiality, integrity and availability. The vulnerability was published on August 22, 2022, and the record was last modified on August 3, 2024.
3. Which products, vendors, systems, and versions are affected?
The affected product is wkhtmltopdf; the CVE record names version 0.12.6 as vulnerable and does not state that other versions are unaffected. In practice, any application that passes attacker-influenced HTML to wkhtmltopdf, whether by invoking the binary directly or through a language wrapper, is in scope; the renderer itself has no notion of which URLs it should refuse to fetch.
4. What is the technical root cause and attack vector?
The root cause is that wkhtmltopdf renders untrusted HTML with a full browser engine and follows the URLs in that HTML without restricting their destination (CWE-918, Server-Side Request Forgery). The attack vector is an injected iframe tag in a document that the server will render, with the src attribute set to an internal asset's IP address; the same effect is available through any other element that triggers a fetch, such as img, link, object or embed.
5. How can this vulnerability be exploited?
An attacker exploits this by getting an iframe tag into content that the application later renders with wkhtmltopdf 0.12.6, for example a customer name, an order note or a comment that ends up in an invoice or report template. The iframe's src is set to an internal IP address (an internal web console, or the cloud metadata service at 169.254.169.254, which is a link-local address). When wkhtmltopdf renders the page it requests that URL from the server, and the response is rendered into the PDF, so the attacker both reaches the internal network and reads the result back by downloading the generated document. Because the renderer runs server-side, firewall rules that block external access to those internal assets do not apply.
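As an added example that is not part of the page or of the wkhtmltopdf project, the following Python shows the defensive check a practitioner would put in front of the renderer: a default-deny scan of the untrusted HTML that rejects any resource-loading element whose URL uses a scheme other than http/https (inline data: URLs are allowed), targets a literal non-global address (loopback, RFC 1918, link-local including 169.254.169.254, IPv4-mapped IPv6), is relative, or names a host outside an explicit allowlist. Hostnames are resolved with socket.getaddrinfo only when resolve=True; the sample documents are constructed and resolution is off so the demo runs offline. All names (check_html, Finding, FETCH_ATTRS) are this example's own, and the injected sample carries the iframe payload the CVE description refers to.

```python
import ipaddress
import socket
from dataclasses import dataclass
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Elements whose attribute makes a WebKit-based renderer such as wkhtmltopdf fetch a URL.
FETCH_ATTRS = {
    "iframe": ("src",), "frame": ("src",), "img": ("src",), "script": ("src",),
    "link": ("href",), "object": ("data",), "embed": ("src",), "source": ("src",),
}
SAFE_SCHEMES = {"http", "https"}


@dataclass(frozen=True)
class Finding:
    tag: str
    attr: str
    url: str
    reason: str


def _literal_ip_is_global(host):
    """True/False for a literal IP (IPv4-mapped IPv6 unwrapped); None if host is a name."""
    try:
        ip = ipaddress.ip_address(host.strip("[]"))
    except ValueError:
        return None
    if isinstance(ip, ipaddress.IPv6Address) and ip.ipv4_mapped is not None:
        ip = ip.ipv4_mapped
    return ip.is_global


def _url_reason(url, allow_hosts, resolve):
    """Return None if the URL may be fetched, otherwise a short rejection reason."""
    parts = urlsplit(url.strip())
    scheme = parts.scheme.lower()
    if scheme == "data":
        return None  # inline content, no request is made
    if scheme and scheme not in SAFE_SCHEMES:
        return f"scheme {scheme!r} not allowed"  # file:, ftp:, javascript:, ...
    host = parts.hostname
    if not host:
        return "relative URL resolves against the renderer's base"
    is_global = _literal_ip_is_global(host)
    if is_global is False:
        return f"non-global address {host}"
    if is_global is True:
        return None
    # A hostname: allowlist first, DNS second. Requiring every answer to be global
    # also catches decimal/octal IP spellings that ipaddress refuses to parse.
    if host.lower() in allow_hosts:
        return None
    if not resolve:
        return f"host {host!r} not on allowlist"
    try:
        addrs = {info[4][0] for info in socket.getaddrinfo(host, None)}
    except socket.gaierror:
        return f"host {host!r} does not resolve"
    bad = [a for a in addrs if _literal_ip_is_global(a) is not True]
    return f"host {host!r} resolves to non-global {bad}" if bad else None


class _FetchScanner(HTMLParser):
    def __init__(self, allow_hosts, resolve):
        super().__init__()
        self.allow_hosts = {h.lower() for h in allow_hosts}
        self.resolve = resolve
        self.findings = []

    def handle_starttag(self, tag, attrs):  # also reached for self-closing tags
        for attr in FETCH_ATTRS.get(tag, ()):
            for name, value in attrs:
                if name == attr and value is not None:
                    reason = _url_reason(value, self.allow_hosts, self.resolve)
                    if reason:
                        self.findings.append(Finding(tag, attr, value, reason))


def check_html(html, allow_hosts=(), resolve=False):
    """Return a list of Findings; an empty list means the document may be rendered."""
    scanner = _FetchScanner(allow_hosts, resolve)
    scanner.feed(html)
    scanner.close()
    return scanner.findings


# Constructed sample: an invoice template whose customer note is attacker-controlled.
INJECTED_HTML = """<html><body><h1>Invoice 1042</h1>
<img src="https://cdn.example.com/logo.png">
<p>Note: <iframe src="http://10.0.0.5/admin" width="800" height="600"></iframe></p>
<iframe src="http://169.254.169.254/latest/meta-data/"></iframe>
<iframe src="file:///etc/passwd"></iframe>
<img src="http://[::ffff:127.0.0.1]/status">
</body></html>"""

CLEAN_HTML = """<html><body><h1>Invoice 1042</h1>
<img src="https://cdn.example.com/logo.png">
<img src="data:image/gif;base64,R0lGODlhAQABAAAAACw=">
<p>Note: thanks for the quick delivery</p></body></html>"""

if __name__ == "__main__":
    for f in check_html(INJECTED_HTML, allow_hosts={"cdn.example.com"}):
        print(f"block <{f.tag} {f.attr}={f.url!r}>: {f.reason}")
    print("clean document findings:", check_html(CLEAN_HTML, allow_hosts={"cdn.example.com"}))
```

The check is a pre-render gate, not a complete fix: a DNS answer can change between the check and the renderer's own lookup (rebinding), so the allowlist should be short and the renderer should additionally run in a sandbox whose network egress cannot reach internal ranges or the metadata endpoint.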
10. What public intelligence references and advisories exist?
The primary public intelligence reference for this vulnerability is its Common Vulnerabilities and Exposures (CVE) identifier: CVE-2022-35583. Additionally, the vulnerability is categorized under CWE-918, which refers to "Server-Side Request Forgery (SSRF)".
11. What is the risk assessment and urgency level?
The risk assessment for CVE-2022-35583 is Critical, matching its CVSS score of 9.8, and the tags above record that an exploit is available and that exploitation has been observed in the wild. Urgency is high for any deployment that renders user-supplied or user-influenced HTML with wkhtmltopdf: the SSRF gives an unauthenticated remote attacker a foothold on the internal network and a channel to read back what is fetched, which is frequently enough to escalate into a broader compromise. Where the renderer cannot be removed, the controls are to strip or allowlist every resource-loading element in the HTML before rendering and to run wkhtmltopdf in a sandbox with no network path to internal ranges or the cloud metadata service.