High severity7.5NVD Advisory· Published Feb 15, 2022· Updated Jun 17, 2026
CVE-2022-23317
CVE-2022-23317
Description
CobaltStrike <=4.5 HTTP(S) listener does not determine whether the request URL begins with "/", and attackers can obtain relevant information by specifying the URL.
Affected products
2- CobaltStrike/CobaltStrikedescription
- Range: <=4.5
Patches
Vulnerability mechanics
References
1- donghuangt1.com/writings/Stager/nvdExploitThird Party Advisory
News mentions
0No linked articles in our index yet.