CVE-2022-23345

7.5 HIGH

📋 TL;DR

BigAnt Server v5.6.06 contains an incorrect access control vulnerability that allows attackers to bypass authentication mechanisms. This affects organizations using BigAnt Server for collaboration and messaging. Attackers could potentially access sensitive data or perform unauthorized actions.

💻 Affected Systems

Products:
  • BigAnt Server
Versions: v5.6.06
Operating Systems: Windows, Linux
Default Config Vulnerable: ⚠️ Yes
Notes: All installations of BigAnt Server v5.6.06 are affected regardless of configuration

⚠️ Risk & Real-World Impact

🔴 Worst Case: Complete system compromise allowing data theft, unauthorized administrative access, or service disruption

🟠 Likely Case: Unauthorized access to sensitive user data, message history, or file repositories

🟢 If Mitigated: Limited impact with proper network segmentation and access controls in place

🌐 Internet-Facing: HIGH - Directly accessible services with authentication bypass are highly vulnerable
🏢 Internal Only: MEDIUM - Internal attackers could exploit this to escalate privileges

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Proof-of-concept code is publicly available on GitHub, making exploitation straightforward

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: v5.6.07 or later

Vendor Advisory: https://www.bigantsoft.com/

Restart Required: Yes

Instructions:

1. Download the latest version from the BigAnt website
2. Back up the current installation
3. Run the installer/upgrade
4. Restart the BigAnt Server service

🔧 Temporary Workarounds

Network Access Restriction

all

Restrict access to BigAnt Server to trusted IP addresses only

# Use firewall rules to restrict access
# Example: iptables -A INPUT -p tcp --dport 8888 -s trusted_ip -j ACCEPT
# Example: iptables -A INPUT -p tcp --dport 8888 -j DROP

Authentication Proxy

all

Place BigAnt Server behind a reverse proxy with additional authentication

# Configure nginx/apache with additional auth
# Example nginx: auth_basic "Restricted";
# Example nginx: auth_basic_user_file /etc/nginx/.htpasswd;

🧯 If You Can't Patch

  • Implement strict network segmentation to isolate BigAnt Server from sensitive systems
  • Enable detailed logging and monitoring for authentication bypass attempts

🔍 How to Verify

Check if Vulnerable:

Check BigAnt Server version in administration panel or configuration files

Check Version:

Check web interface admin panel or server configuration files for version information

Verify Fix Applied:

Verify version is v5.6.07 or later and test authentication bypass attempts fail

📡 Detection & Monitoring

Log Indicators:

  • Failed authentication attempts followed by successful access
  • Access from unusual IP addresses without proper authentication
  • Administrative actions from non-admin users

Network Indicators:

  • Unusual authentication patterns
  • Direct access to administrative endpoints without credentials

SIEM Query:

source="bigant.log" AND ((event="auth_failure" AND event="auth_success" within 5s) OR (user="anonymous" AND action="admin"))
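
The two clauses of the query above can also be run offline against exported logs. The following is an added example, not vendor or project code: the key=value log layout and the `ts` and `src` fields are assumptions made for illustration, and the sample lines are constructed.

```python
import shlex
from datetime import datetime, timedelta

WINDOW = timedelta(seconds=5)  # "within 5s" from the query above

# Constructed sample lines; the key=value layout and the ts/src fields are
# assumptions, not BigAnt Server's real log format.
SAMPLE_LOG = """\
ts=2022-03-01T10:00:00 src=198.51.100.7 event=auth_failure user=alice
ts=2022-03-01T10:00:03 src=198.51.100.7 event=auth_success user=alice
ts=2022-03-01T10:02:00 src=192.0.2.10 event=auth_failure user=bob
ts=2022-03-01T10:02:30 src=192.0.2.10 event=auth_success user=bob
ts=2022-03-01T10:05:00 src=203.0.113.9 event=request user=anonymous action=admin
ts=2022-03-01T10:06:00 src=192.0.2.10 event=request user=bob action=read
garbled line without fields
"""

def parse_line(line):
    """Return a dict of key=value fields, or None if the line is unusable."""
    try:
        fields = dict(tok.split("=", 1) for tok in shlex.split(line) if "=" in tok)
        fields["ts"] = datetime.fromisoformat(fields["ts"])
    except (KeyError, ValueError):
        return None
    return fields

def find_suspicious(log_text):
    """Return a list of (rule, source, timestamp) matches for the two clauses."""
    last_failure = {}  # source address -> time of most recent auth_failure
    hits = []
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue  # skip lines that do not parse instead of aborting
        src, ts = rec.get("src", "?"), rec["ts"]
        if rec.get("event") == "auth_failure":
            last_failure[src] = ts
        elif rec.get("event") == "auth_success":
            failed = last_failure.pop(src, None)
            if failed is not None and ts - failed <= WINDOW:
                hits.append(("failure_then_success", src, ts))
        if rec.get("user") == "anonymous" and rec.get("action") == "admin":
            hits.append(("anonymous_admin_action", src, ts))
    return hits

if __name__ == "__main__":
    for rule, src, ts in find_suspicious(SAMPLE_LOG):
        print(f"{ts.isoformat()} {src} {rule}")
```

Correlating failure and success by source address is a choice made here; the query on this page does not say which field ties the two events together.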
