CVE-2022-45194: n/a in n/a

Severity: Low
Type: Vulnerability
Tags: cve, cve-2022-45194
Published: Fri Nov 11 2022 (11/11/2022, 00:00:00 UTC)
Source: CVE
Vendor/Project: n/a
Product: n/a

Description

CBRN-Analysis before 22 allows XXE attacks via am mws XML document, leading to NTLMv2-SSP hash disclosure.

AI-Powered Analysis

Last updated: 06/25/2025, 18:16:35 UTC

Technical Analysis

CVE-2022-45194 is an XML External Entity (XXE) vulnerability affecting versions of CBRN-Analysis software prior to version 22. It arises from improper handling of XML input, specifically in the component that processes an 'am mws' XML document. An attacker can craft an XML document containing external entity references; when the vulnerable application parses it, sensitive information is disclosed. In this case the disclosed information is NTLMv2-SSP hashes, the authentication hashes used in Windows environments for challenge-response authentication. The vulnerability is classified under CWE-611 (Improper Restriction of XML External Entity Reference), meaning the XML parser does not adequately restrict external entity resolution.

The CVSS 3.1 base score is 3.8 (low severity). The vector indicates adjacent network access (AV:A), low attack complexity (AC:L), no privileges required (PR:N), and user interaction required (UI:R). The scope is changed (S:C), meaning the vulnerability affects resources beyond the initially vulnerable component. Integrity and availability are not impacted; confidentiality is compromised through the leaked authentication hashes. There are no known exploits in the wild, and no patches or vendor information are provided. The lack of vendor, project, and product details limits the ability to identify specific affected deployments, but the nature of the vulnerability suggests it targets environments using the CBRN-Analysis software for chemical, biological, radiological, and nuclear threat analysis, which likely process XML data for threat assessment workflows.

Potential Impact

For European organizations, particularly those involved in national security, emergency response, defense, and critical infrastructure sectors that utilize CBRN-Analysis software, this vulnerability poses a risk of sensitive credential disclosure. The leakage of NTLMv2-SSP hashes can enable attackers to perform offline brute-force or relay attacks to impersonate legitimate users, potentially gaining unauthorized access to network resources. Although the attack requires user interaction and adjacency on the network, the impact on confidentiality could lead to lateral movement within sensitive environments. Given the strategic importance of CBRN threat analysis in Europe, exploitation could undermine operational security and response capabilities. However, the low CVSS score and lack of known exploits suggest the immediate risk is limited. Still, organizations handling sensitive CBRN data should consider this vulnerability seriously due to the potential for credential compromise and subsequent escalation.

Mitigation Recommendations

1. Disable or properly configure XML external entity processing in the XML parsers used by CBRN-Analysis software to prevent resolution of external entities.
2. Implement strict input validation and sanitization for all XML inputs, especially those originating from untrusted or user-controlled sources.
3. Employ network segmentation to restrict access to the CBRN-Analysis systems, limiting exposure to adjacent network attackers.
4. Monitor network traffic for unusual NTLM authentication attempts or hash relay activities indicative of exploitation attempts.
5. Enforce multi-factor authentication (MFA) on systems that accept NTLM authentication to reduce the risk of compromised hashes leading to unauthorized access.
6. Since no patches are currently available, consider applying virtual patching via web application firewalls (WAFs) or XML firewall solutions that can detect and block XXE payloads.
7. Educate users on the risks of interacting with untrusted XML documents and enforce strict controls on document sources.
8. Maintain up-to-date asset inventories to identify all instances of CBRN-Analysis software and monitor vendor communications for future patches or advisories.
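As an illustration of recommendations 1 and 2, the following added example (not part of the original advisory and not CBRN-Analysis code) screens an XML document before it reaches the application and rejects anything that declares a DOCTYPE or an entity. It assumes a Python gate in front of the product; the function name, the sample documents and the `PLACEHOLDER-URI` system identifier are constructed for the example.

```python
import xml.parsers.expat


def screen_xml(data: bytes) -> list:
    """Return reasons to reject `data`; an empty list means it may be passed on."""
    findings = []
    parser = xml.parsers.expat.ParserCreate()

    def on_doctype(name, system_id, public_id, has_internal_subset):
        findings.append(f"DOCTYPE declared for <{name}>")
        if system_id or public_id:
            findings.append("DOCTYPE references an external DTD subset")

    def on_entity(name, is_parameter, value, base, system_id, public_id, notation):
        # value is None for external entities: their content would be
        # loaded from system_id by a parser that resolves them.
        kind = "parameter" if is_parameter else "general"
        origin = "external" if value is None else "internal"
        findings.append(f"{origin} {kind} entity '{name}' declared")

    parser.StartDoctypeDeclHandler = on_doctype
    parser.EntityDeclHandler = on_entity
    # No ExternalEntityRefHandler is installed, so this screening pass
    # records declarations but never fetches an external resource itself.
    try:
        parser.Parse(data, True)
    except xml.parsers.expat.ExpatError as exc:
        findings.append(f"not well-formed: {exc}")
    return findings


# Constructed sample inputs (not taken from the advisory).
BENIGN = b"<report><unit>A</unit></report>"
FLAGGED = (b'<!DOCTYPE report [<!ENTITY ext SYSTEM "PLACEHOLDER-URI">]>'
           b"<report>&ext;</report>")
BROKEN = b"<report><unit></report>"

if __name__ == "__main__":
    for label, doc in (("benign", BENIGN), ("flagged", FLAGGED), ("broken", BROKEN)):
        reasons = screen_xml(doc)
        print(label, "ACCEPT" if not reasons else f"REJECT {reasons}")
```

Rejecting every DOCTYPE is stricter than blocking external entities alone, which is acceptable when legitimate input never needs a DTD.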

Technical Details

Data Version: 5.1
Assigner Short Name: mitre
Date Reserved: 2022-11-11T00:00:00.000Z
CISA Enriched: true
CVSS Version: 3.1
State: PUBLISHED

Threat ID: 682d9839c4522896dcbecdbe

Added to database: 5/21/2025, 9:09:13 AM

Last enriched: 6/25/2025, 6:16:35 PM

Last updated: 8/8/2025, 12:43:13 AM
