CVE-2022-28719

9.8 CRITICAL

📋 TL;DR

CVE-2022-28719 is a critical authentication bypass vulnerability in AssetView management software that allows unauthenticated remote attackers to upload malicious configuration files. This can lead to remote code execution with administrative privileges on managed client systems. Organizations using AssetView versions before 13.2.0 are affected.

💻 Affected Systems

Products:
  • AssetView
Versions: All versions prior to 13.2.0
Operating Systems: Windows, Linux
Default Config Vulnerable: ⚠️ Yes
Notes: The vulnerability affects the AssetView management server component. Managed clients become vulnerable when they receive malicious configuration files from the compromised server.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete compromise of all managed client systems with administrative privileges, enabling data theft, ransomware deployment, or persistent backdoor installation across the entire managed environment.

🟠 Likely Case

Attacker gains administrative control over managed clients, potentially leading to data exfiltration, lateral movement within the network, or deployment of malware.

🟢 If Mitigated

If proper network segmentation and access controls are in place, impact may be limited to isolated management segments, though compromised clients could still be used for further attacks.

🌐 Internet-Facing: HIGH - Attackers can exploit this remotely without authentication if the AssetView management server is exposed to the internet.
🏢 Internal Only: HIGH - Even internally, any attacker with network access to the management server can exploit this vulnerability to compromise managed clients.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploitation requires some knowledge of the system configuration but no authentication. The attack vector is straightforward once the attacker understands the configuration structure.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 13.2.0

Vendor Advisory: https://www.hammock.jp/assetview/info/220422.html

Restart Required: Yes

Instructions:

1. Download AssetView version 13.2.0 or later from the vendor website.
2. Back up current configuration and data.
3. Stop AssetView services.
4. Install the updated version.
5. Restart services and verify functionality.

🔧 Temporary Workarounds

Network Segmentation

all

Isolate AssetView management server from untrusted networks and restrict access to authorized IP addresses only.

Firewall Rules

all

Implement strict firewall rules to block external access to AssetView management ports (default ports vary by installation).

🧯 If You Can't Patch

  • Implement strict network access controls to limit who can reach the AssetView management server
  • Monitor for unusual configuration file uploads or changes to AssetView server configuration

🔍 How to Verify

Check if Vulnerable:

Check AssetView version in administration console or configuration files. Versions below 13.2.0 are vulnerable.

Check Version:

Check AssetView administration interface or configuration files for version information (specific command varies by installation)

Verify Fix Applied:

Verify AssetView version is 13.2.0 or higher and test that unauthenticated configuration uploads are properly rejected.

📡 Detection & Monitoring

Log Indicators:

  • Unauthenticated configuration upload attempts
  • Unexpected configuration file changes
  • Unusual administrative activity from non-standard sources

Network Indicators:

  • Unusual traffic to AssetView management ports from unauthorized sources
  • Configuration file uploads from unexpected IP addresses

SIEM Query:

source="AssetView" AND ((event_type="config_upload" AND user="anonymous") OR (version < "13.2.0"))
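The same detection logic as an added Python example (not from the vendor or the original page), applied to constructed events. It compares versions numerically, because a string comparison against "13.2.0" ranks "9.8.1" as newer and "13.10.0" as older. The field names (source, event_type, user, version) are taken from the query above and are assumptions, not a documented AssetView log schema.

```python
import re

FIXED = (13, 2, 0)  # first fixed AssetView release, per the advisory

def parse_version(text):
    """'13.1' -> (13, 1, 0); None when the value is missing or not dotted-numeric."""
    if not re.fullmatch(r"\d+(\.\d+)*", text or ""):
        return None
    parts = tuple(int(p) for p in text.split("."))
    return parts + (0,) * (3 - len(parts))

def is_vulnerable(version_text):
    """Numeric compare; comparing strings would rank '9.8.1' above '13.2.0'."""
    version = parse_version(version_text)
    # An unreadable version is flagged so that someone checks the server by hand.
    return version is None or version < FIXED

def triage(event):
    """Return the reasons an event should alert (empty list: no alert)."""
    if event.get("source") != "AssetView":  # source filter covers both conditions
        return []
    reasons = []
    if event.get("event_type") == "config_upload" and event.get("user") == "anonymous":
        reasons.append("unauthenticated config upload")
    if is_vulnerable(event.get("version")):
        reasons.append("version below 13.2.0 or unknown")
    return reasons

# Constructed sample events; field names are assumed, not a documented log schema.
EVENTS = [
    {"source": "AssetView", "event_type": "config_upload", "user": "anonymous", "version": "13.1.0"},
    {"source": "AssetView", "event_type": "config_upload", "user": "admin", "version": "13.10.0"},
    {"source": "AssetView", "event_type": "login", "user": "admin", "version": "9.8.1"},
    {"source": "AssetView", "event_type": "config_upload", "user": "anonymous", "version": "13.2.0"},
    {"source": "OtherApp", "event_type": "config_upload", "user": "anonymous", "version": "1.0"},
]

if __name__ == "__main__":
    for event in EVENTS:
        print(event["source"], event["version"], triage(event))
```

An anonymous upload attempt against an already patched server (the fourth event) still alerts, since it shows someone probing the management interface.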
