How severe is CVE-2022-41924?

This vulnerability has a severity rating of CRITICAL with a CVSS score of 9.6 out of 10.

What type of vulnerability is CVE-2022-41924?

This is classified as CWE-346, which is a common weakness in software security.

CVE-2022-41924

CRITICAL Year: 2022

CVSS v3 Score

9.6

Critical

Weakness Type

CWE-346

View all →

Vulnerability Description

A vulnerability identified in the Tailscale Windows client allows a malicious website to reconfigure the Tailscale daemon `tailscaled`, which can then be used to remotely execute code. In the Tailscale Windows client, the local API was bound to a local TCP socket, and communicated with the Windows client GUI in cleartext with no Host header verification. This allowed an attacker-controlled website visited by the node to rebind DNS to an attacker-controlled DNS server, and then make local API requests in the client, including changing the coordination server to an attacker-controlled coordination server. An attacker-controlled coordination server can send malicious URL responses to the client, including pushing executables or installing an SMB share. These allow the attacker to remotely execute code on the node. All Windows clients prior to version v.1.32.3 are affected. If you are running Tailscale on Windows, upgrade to v1.32.3 or later to remediate the issue.

CVE-2000-1218

CRITICAL

CVSS:9.8(Critical)

The default configuration for the domain name resolver for Microsoft Windows 98, NT 4.0, 2000, and XP sets the QueryIpMatching parameter to 0, which causes Windows to accept DNS updates from hosts tha...

CWE-3462000

CVE-2003-0174

CRITICAL

CVSS:9.8(Critical)

The LDAP name service (nsd) in IRIX 6.5.19 and earlier does not properly verify if the USERPASSWORD attribute has been provided by an LDAP server, which could allow attackers to log in without a passw...

CWE-3462003

CVE-2017-13274

CRITICAL

CVSS:9.8(Critical)

In the getHost() function of UriTest.java, there is the possibility of incorrect web origin determination. This could lead to incorrect security decisions with no additional execution privileges neede...

CWE-3462017

CVE-2017-20146

CRITICAL

CVSS:9.8(Critical)

Usage of the CORS handler may apply improper CORS headers, allowing the requester to explicitly control the value of the Access-Control-Allow-Origin header, which bypasses the expected behavior of the...

CWE-3462017

CVE-2018-15723

CRITICAL

CVSS:9.8(Critical)

The Logitech Harmony Hub before version 4.15.206 is vulnerable to application level command injection via crafted HTTP request. An unauthenticated remote attacker can leverage this vulnerability to ex...

CWE-3462018

CVE-2018-5116

CRITICAL

CVSS:9.8(Critical)

WebExtensions with the "ActiveTab" permission are able to access frames hosted within the active tab even if the frames are cross-origin. Malicious extensions can inject frames from arbitrary origins ...

CWE-3462018

CVE-2022-41924

Vulnerability Description

Related Vulnerabilities

CVE-2000-1218

CVE-2003-0174

CVE-2017-13274

CVE-2017-20146

CVE-2018-15723

CVE-2018-5116