CVE-2022-28945

9.8 CRITICAL

📋 TL;DR

CVE-2022-28945 is a critical directory traversal vulnerability in Webbank WeCube v3.2.2 that allows attackers to write arbitrary files to the server filesystem via specially crafted ZIP archives. This affects all organizations running WeCube v3.2.2, potentially leading to remote code execution and complete system compromise.

💻 Affected Systems

Products:
  • Webbank WeCube
Versions: v3.2.2
Operating Systems: All platforms running WeCube
Default Config Vulnerable: ⚠️ Yes
Notes: Affects systems with ZIP file upload functionality enabled, which is common in WeCube deployments.

⚠️ Risk & Real-World Impact

🔴 Worst Case: Full system compromise with remote code execution, data exfiltration, and lateral movement within the network.

🟠 Likely Case: Arbitrary file write leading to web shell deployment, credential theft, and persistence mechanisms.

🟢 If Mitigated: Limited impact with proper file system permissions, but still potential for information disclosure.

🌐 Internet-Facing: HIGH - Web applications accepting ZIP uploads are directly exploitable from the internet.
🏢 Internal Only: MEDIUM - Internal users could exploit if they have upload capabilities, but requires some access.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires ability to upload ZIP files, which typically requires some level of authentication, but the vulnerability itself is simple to exploit once access is obtained.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: v3.2.3 and later

Vendor Advisory: https://github.com/WeBankPartners/wecube-platform/releases/tag/v3.2.3

Restart Required: Yes

Instructions:

1. Back up current configuration and data.
2. Download WeCube v3.2.3 or later from the official repository.
3. Stop the WeCube service.
4. Replace the installation with the patched version.
5. Restart the WeCube service.
6. Verify functionality.

🔧 Temporary Workarounds

Disable ZIP upload functionality

all

Temporarily disable ZIP file uploads in WeCube configuration to prevent exploitation.

Edit WeCube configuration to remove or restrict ZIP upload endpoints

Implement file upload validation

all

Add server-side validation to reject ZIP files containing directory traversal sequences.

Implement file validation logic before processing uploaded ZIP archives
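
One way to implement the validation described above, as an added example (not WeCube's code and not the v3.2.3 fix): a Python pre-check that lists the archive entries that would land outside the extraction directory, so the upload can be rejected before anything is written. The function names, the `dest_root` path and the sample entry names are assumptions constructed for illustration.

```python
import io
import posixpath
import stat
import zipfile


def unsafe_entries(zip_bytes, dest_root="/srv/upload/extract"):
    """Return (entry name, reason) pairs for entries that must not be extracted."""
    problems = []
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for info in zf.infolist():
            # Treat backslashes as separators so Windows-style names are caught too.
            name = info.filename.replace("\\", "/")
            if name.startswith("/") or (len(name) > 1 and name[1] == ":"):
                problems.append((info.filename, "absolute path"))
                continue
            if ".." in name.split("/"):
                problems.append((info.filename, "parent-directory component"))
                continue
            # Upper 16 bits of external_attr carry the Unix mode, when present.
            if stat.S_ISLNK(info.external_attr >> 16):
                problems.append((info.filename, "symbolic link"))
                continue
            # Final containment check on the normalized target path.
            target = posixpath.normpath(posixpath.join(dest_root, name))
            if not target.startswith(dest_root.rstrip("/") + "/"):
                problems.append((info.filename, "resolves outside destination"))
    return problems


def build_sample(names):
    """Build a constructed in-memory ZIP whose entries have the given names."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for n in names:
            zf.writestr(n, b"constructed sample data")
    return buf.getvalue()


if __name__ == "__main__":
    # Constructed sample: one benign entry and two that must be rejected.
    sample = build_sample(["package/config.xml", "../../outside.txt", "/abs.txt"])
    for name, reason in unsafe_entries(sample):
        print(f"reject {name!r}: {reason}")
```

Reject the whole upload if the returned list is non-empty, rather than skipping only the flagged entries.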

🧯 If You Can't Patch

  • Implement strict file system permissions to limit write access to web application directories
  • Deploy web application firewall (WAF) rules to detect and block directory traversal attempts in file uploads

🔍 How to Verify

Check if Vulnerable:

Check if running WeCube v3.2.2 by examining version in admin interface or configuration files.

Check Version:

Check WeCube version in web interface or examine application.properties/version files

Verify Fix Applied:

Verify installation of WeCube v3.2.3 or later and test ZIP upload functionality with traversal attempts.

📡 Detection & Monitoring

Log Indicators:

  • Multiple failed ZIP upload attempts
  • File write operations outside expected directories
  • Unusual file creation patterns in system logs

Network Indicators:

  • Unusual outbound connections from WeCube server
  • Large file transfers from server

SIEM Query:

source="wecube" AND (event="file_upload" AND file_extension="zip") AND (path="*../*" OR path="*..\\*")
