What is CVE-2022-24562?

CVE-2022-24562 is a vulnerability in N/a. Published 2022-06-16.

Is CVE-2022-24562 known to be exploited?

5 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Vulnerability in N/a

CVE-2022-24562

In IOBit IOTransfer 4.3.1.1561, an unauthenticated attacker can send GET and POST requests to Airserv and gain arbitrary read/write access to the entire file-system (with admin privileges) on the victim's endpoint, which can result in data…

EPSS: 0.531 (98.8th percentile) — read the EPSS interpretation.

Affected products

N/a — versions n/a

Public proof-of-concept exploits

ARPSyndicate/cve-scores
ARPSyndicate/cvemon
tomerpeled92/CVE
vishnusomank/GoXploitDB
zhanpengliu-tencent/medium-cve

References

iobit.com (x_refsource_MISC)
iotransfer.com (x_refsource_MISC)
medium.com/@tomerp_77017/exploiting-iotransfer-insecure-api-cve-2022-24562-a2c4… (x_refsource_MISC)
packetstormsecurity.com/files/167775/IOTransfer-4.0-Remote-Code-Execution.html (x_refsource_MISC)

Frequently asked questions

What is CVE-2022-24562?: CVE-2022-24562 is a vulnerability in N/a. Published 2022-06-16.
Is CVE-2022-24562 known to be exploited?: 5 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.