CVE-2022-27967
Description
Cynet 360 Web Portal before v4.5 was discovered to allow attackers to access a list of excluded files and profiles via a crafted GET request sent to /WebApp/SettingsExclusion/GetExclusionsProfiles.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Cynet 360 Web Portal before v4.5 exposes a list of excluded files and profiles via a crafted GET request to a specific endpoint.
Vulnerability
Cynet 360 Web Portal versions before v4.5 contain an information disclosure vulnerability in the /WebApp/SettingsExclusion/GetExclusionsProfiles endpoint. An attacker can send a crafted GET request to this endpoint to retrieve a list of excluded files and profiles, which are normally intended to be hidden from unauthorized users. [1]
Exploitation
The attacker does not require authentication or special privileges; they only need network access to the Cynet 360 Web Portal. By sending a crafted GET request to /WebApp/SettingsExclusion/GetExclusionsProfiles, the server responds with the list of excluded files and profiles. No user interaction is needed.
Impact
Successful exploitation allows an attacker to obtain a list of excluded files and profiles. This information can reveal which files or paths are excluded from security scanning, potentially enabling the attacker to bypass detection by placing malicious files in those excluded locations. The impact is limited to information disclosure, but it can aid further attacks.
Mitigation
The vulnerability is fixed in Cynet 360 Web Portal version v4.5 and later. Users should upgrade to the latest version. No workarounds are documented in the available references. [1]
AI Insight generated on May 27, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
- Cynet/360 Web Portal
- Range: <=4.4
Patches
No patches discovered yet.
References
- www.cynet.com/platform/ (mitre, x_refsource_MISC)
- www.srlabs.de/bites/edr-security (mitre, x_refsource_MISC)