Skip to main content
All vulnerabilities
CVE-2022-42948

Fortra Cobalt Strike User Interface Remote Code Execution Vulnerability

FortraCobalt Strike

Added to KEV catalog
30 March 2023
Federal remediation due date
20 April 2023
Weakness classification (CWE)
CWE-79, CWE-116

CISA Description

Fortra Cobalt Strike User Interface contains an unspecified vulnerability rooted in Java Swing that may allow remote code execution.

Required action

Apply updates per vendor instructions.

Notes

https://www.cobaltstrike.com/blog/out-of-band-update-cobalt-strike-4-7-2/; https://nvd.nist.gov/vuln/detail/CVE-2022-42948

Confirm Your Exposure

Is this vulnerability present in your environment?

CRS delivers independent VAPT assessments that identify exactly which known-exploited vulnerabilities exist in your network, applications, and infrastructure.

Explore VAPT Services