← Back to CVEs
CVE-2022-42948
CRITICALCISA KEV9.8
Description
Cobalt Strike 4.7.1 fails to properly escape HTML tags when they are displayed on Swing components. By injecting crafted HTML code, it is possible to remotely execute code in the Cobalt Strike UI.
CVE Details
CVSS v3.1 Score9.8
SeverityCRITICAL
CVSS VectorCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Attack VectorNETWORK
ComplexityLOW
Privileges RequiredNONE
User InteractionNONE
Published3/24/2023
Last Modified11/3/2025
Sourcekev
Honeypot Sightings0
CISA KEV
VendorFortra
ProductCobalt Strike
Vulnerability NameFortra Cobalt Strike User Interface Remote Code Execution Vulnerability
KEV Date Added2023-03-30
Remediation Due Date2023-04-20
Ransomware UseUnknown
Affected Products
helpsystems:cobalt_strike
Weaknesses (CWE)
CWE-116CWE-116
References
https://thesecmaster.com/how-to-fix-cve-2022-42948-a-critical-rce-vulnerability-in-cobalt-strike/(cve@mitre.org)
https://www.cobaltstrike.com/blog/(cve@mitre.org)
https://www.redpacketsecurity.com/helpsystems-cobalt-strike-code-execution-cve-2022-42948/(cve@mitre.org)
https://thesecmaster.com/how-to-fix-cve-2022-42948-a-critical-rce-vulnerability-in-cobalt-strike/(af854a3a-2127-422b-91ae-364da2661108)
https://www.cobaltstrike.com/blog/(af854a3a-2127-422b-91ae-364da2661108)
https://www.redpacketsecurity.com/helpsystems-cobalt-strike-code-execution-cve-2022-42948/(af854a3a-2127-422b-91ae-364da2661108)
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2022-42948(134c704f-9b21-4f2e-91b3-4a467353bcc0)
IOC Correlations
No correlations recorded
This product uses data from the NVD API but is not endorsed or certified by the NVD.