CVE-2022-45194: n/a in n/a
CBRN-Analysis before 22 allows XXE attacks via am mws XML document, leading to NTLMv2-SSP hash disclosure.
AI Analysis
Technical Summary
CVE-2022-45194 is an XML External Entity (XXE) vulnerability affecting versions of CBRN-Analysis software prior to version 22. It arises from improper handling of XML input, specifically within an 'am mws' XML document processing component. An attacker can craft a malicious XML payload containing external entity references which, when parsed by the vulnerable application, can lead to disclosure of sensitive information. In this case, the disclosed information includes NTLMv2-SSP hashes, which are authentication hashes used in Windows environments for challenge-response authentication. The vulnerability is classified under CWE-611 (Improper Restriction of XML External Entity Reference), indicating that the XML parser does not adequately restrict external entity resolution.
The CVSS 3.1 base score is 3.8 (low severity). The vector indicates that the attack requires adjacent network access (AV:A), has low attack complexity (AC:L), requires no privileges (PR:N), and requires user interaction (UI:R). The scope is changed (S:C), meaning the vulnerability affects resources beyond the initially vulnerable component. The vulnerability does not impact integrity or availability but compromises confidentiality by leaking authentication hashes.
There are no known exploits in the wild, and no patches or vendor information are provided. The lack of vendor/project/product details limits the ability to identify specific affected deployments, but the nature of the vulnerability suggests it targets environments using the CBRN-Analysis software for chemical, biological, radiological, and nuclear threat analysis, which likely process XML data for threat assessment workflows.
Potential Impact
For European organizations, particularly those involved in national security, emergency response, defense, and critical infrastructure sectors that utilize CBRN-Analysis software, this vulnerability poses a risk of sensitive credential disclosure. The leakage of NTLMv2-SSP hashes can enable attackers to perform offline brute-force or relay attacks to impersonate legitimate users, potentially gaining unauthorized access to network resources. Although the attack requires user interaction and adjacency on the network, the impact on confidentiality could lead to lateral movement within sensitive environments. Given the strategic importance of CBRN threat analysis in Europe, exploitation could undermine operational security and response capabilities. However, the low CVSS score and lack of known exploits suggest the immediate risk is limited. Still, organizations handling sensitive CBRN data should consider this vulnerability seriously due to the potential for credential compromise and subsequent escalation.
Mitigation Recommendations
1. Disable or properly configure XML external entity processing in the XML parsers used by CBRN-Analysis software to prevent resolution of external entities.
2. Implement strict input validation and sanitization for all XML inputs, especially those originating from untrusted or user-controlled sources.
3. Employ network segmentation to restrict access to the CBRN-Analysis systems, limiting exposure to adjacent network attackers.
4. Monitor network traffic for unusual NTLM authentication attempts or hash relay activities indicative of exploitation attempts.
5. Enforce multi-factor authentication (MFA) on systems that accept NTLM authentication to reduce the risk of compromised hashes leading to unauthorized access.
6. Since no patches are currently available, consider applying virtual patching via web application firewalls (WAFs) or XML firewall solutions that can detect and block XXE payloads.
7. Educate users on the risks of interacting with untrusted XML documents and enforce strict controls on document sources.
8. Maintain up-to-date asset inventories to identify all instances of CBRN-Analysis software and monitor vendor communications for future patches or advisories.
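A pre-parse screen in the spirit of recommendations 1 and 2, given here as an added example (not CBRN-Analysis code or vendor guidance): it uses Python's expat bindings to flag any DOCTYPE or entity declaration in an incoming document without resolving anything, so only DTD-free XML is handed on. The function names and the sample documents are constructed for illustration.

```python
import xml.parsers.expat as expat


def screen_xml(data: bytes) -> list[tuple[str, str]]:
    """Return DTD-related findings for `data`; an empty list means none found.

    Nothing is fetched: expat only reports declarations to the handlers below,
    and no external-entity resolver is registered.
    """
    findings: list[tuple[str, str]] = []
    parser = expat.ParserCreate()
    # Explicitly keep external DTD subsets and parameter entities unloaded.
    parser.SetParamEntityParsing(expat.XML_PARAM_ENTITY_PARSING_NEVER)

    def on_doctype(name, system_id, public_id, has_internal_subset):
        target = system_id or public_id
        findings.append(("external-dtd", target) if target else ("doctype", name))

    def on_entity_decl(name, is_param, value, base, system_id, public_id, notation):
        if system_id or public_id:
            findings.append(("external-entity", f"{name} -> {system_id or public_id}"))
        else:
            findings.append(("internal-entity", name))

    parser.StartDoctypeDeclHandler = on_doctype
    parser.EntityDeclHandler = on_entity_decl
    try:
        parser.Parse(data, True)
    except expat.ExpatError as exc:
        findings.append(("malformed", str(exc)))
    return findings


def accept(data: bytes) -> bool:
    """Policy gate: only DTD-free, well-formed documents reach the real parser."""
    return not screen_xml(data)


# Constructed sample inputs (not taken from the advisory or the product).
CLEAN = b'<?xml version="1.0"?><report><id>1</id></report>'
EXTERNAL = (b'<?xml version="1.0"?>'
            b'<!DOCTYPE report [<!ENTITY x SYSTEM "http://example.invalid/x">]>'
            b'<report>&x;</report>')
INTERNAL = b'<!DOCTYPE report [<!ENTITY y "text">]><report>&y;</report>'

if __name__ == "__main__":
    for label, doc in (("clean", CLEAN), ("external", EXTERNAL), ("internal", INTERNAL)):
        print(label, accept(doc), screen_xml(doc))
```

Rejecting every DOCTYPE, including purely internal ones, is deliberately stricter than blocking external identifiers alone; relax it only if the documents being exchanged are known to need a DTD.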
Affected Countries
Germany, France, United Kingdom, Italy, Netherlands, Belgium, Sweden, Poland, Spain
Technical Details
- Data Version: 5.1
- Assigner Short Name: mitre
- Date Reserved: 2022-11-11T00:00:00.000Z
- CISA Enriched: true
- CVSS Version: 3.1
- State: PUBLISHED
Threat ID: 682d9839c4522896dcbecdbe
Added to database: 5/21/2025, 9:09:13 AM
Last enriched: 6/25/2025, 6:16:35 PM
Last updated: 8/8/2025, 12:43:13 AM