CVE-2022-42948

Cobalt Strike 4.7.1 fails to properly escape HTML tags when they are displayed on Swing components. By injecting crafted HTML code, it is possible to remotely execute code in the Cobalt Strike UI.

CVSS v3 9.8 CRITICAL

9.8^/10

CVSS v3 : CRITICAL

Vector :

Exploitability : 3.9 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://thesecmaster.com/how-to-fix-cve-2022-42948-a-critical-rce-vulnerability-in-cobalt-strike/	Technical Description Third Party Advisory
https://www.cobaltstrike.com/blog/	Vendor Advisory
https://www.redpacketsecurity.com/helpsystems-cobalt-strike-code-execution-cve-2022-42948/	Third Party Advisory
https://thesecmaster.com/how-to-fix-cve-2022-42948-a-critical-rce-vulnerability-in-cobalt-strike/	Technical Description Third Party Advisory
https://www.cobaltstrike.com/blog/	Vendor Advisory
https://www.redpacketsecurity.com/helpsystems-cobalt-strike-code-execution-cve-2022-42948/	Third Party Advisory
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2022-42948

Configurations

Configuration 1 (hide)

cpe:2.3:a:helpsystems:cobalt_strike:4.7.1:*:*:*:*:*:*:*

History

22 Oct 2025, 00:18

Type	Values Removed	Values Added
References		() https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2022-42948 -

21 Oct 2025, 20:19

Type	Values Removed	Values Added
References	~~{'url': 'https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2022-42948', 'source': '134c704f-9b21-4f2e-91b3-4a467353bcc0'}~~

21 Oct 2025, 19:19

Type	Values Removed	Values Added
References		() https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2022-42948 -

Information

Published : 2023-03-24 14:15

Updated : 2025-10-22 00:18

NVD link : CVE-2022-42948

Mitre link : CVE-2022-42948

CVE.ORG link : CVE-2022-42948

JSON object : View

Products Affected

helpsystems

cobalt_strike

CWE

CWE-116

Improper Encoding or Escaping of Output

{"id": "CVE-2022-42948", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 3.9}, {"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 3.9}]}, "published": "2023-03-24T14:15:09.927", "references": [{"url": "https://thesecmaster.com/how-to-fix-cve-2022-42948-a-critical-rce-vulnerability-in-cobalt-strike/", "tags": ["Technical Description", "Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://www.cobaltstrike.com/blog/", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "https://www.redpacketsecurity.com/helpsystems-cobalt-strike-code-execution-cve-2022-42948/", "tags": ["Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://thesecmaster.com/how-to-fix-cve-2022-42948-a-critical-rce-vulnerability-in-cobalt-strike/", "tags": ["Technical Description", "Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://www.cobaltstrike.com/blog/", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://www.redpacketsecurity.com/helpsystems-cobalt-strike-code-execution-cve-2022-42948/", "tags": ["Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2022-42948", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-116"}]}, {"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "description": [{"lang": "en", "value": "CWE-116"}]}], "descriptions": [{"lang": "en", "value": "Cobalt Strike 4.7.1 fails to properly escape HTML tags when they are displayed on Swing components. By injecting crafted HTML code, it is possible to remotely execute code in the Cobalt Strike UI."}], "lastModified": "2025-10-22T00:18:11.650", "cisaActionDue": "2023-04-20", "cisaExploitAdd": "2023-03-30", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:helpsystems:cobalt_strike:4.7.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5F082C0F-93EC-4401-9A61-EA1C6599FC08"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org", "cisaRequiredAction": "Apply updates per vendor instructions.", "cisaVulnerabilityName": "Fortra Cobalt Strike User Interface Remote Code Execution Vulnerability"}