Source: https://cobaltstrike.net/2022/02/23/cobalt-strike-4-5-https-listener-vulnerability/

A vulnerability classified as problematic was found in CobaltStrike up to 4.5. It affects an unknown function of the HTTPS Listener component. Manipulation with an unknown input leads to an information disclosure vulnerability. CWE classifies the issue as CWE-200. It impacts confidentiality. CVE summarizes:
CobaltStrike
The weakness was released 02/15/2022. The advisory is available for download at donghuangt1.com. The vulnerability has been tracked as CVE-2022-23317 since 01/18/2022. Exploitation is reported to be easy. The attack can be launched remotely. Successful exploitation requires authentication. Neither technical details nor an exploit are publicly available.
No information about possible countermeasures is known. It may be advisable to replace the affected component with an alternative product.
CobaltStrike’s HTTP(S) listener does not verify that the request URL begins with “/”, and attackers can obtain relevant information by specifying the URL.
Payload
GET stager HTTP/1.1
Host: x.x.x.x
User-Agent: Mozilla/5.0
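The check the listener is described as missing, written as a filter that a front-end proxy or a log pipeline could apply: it classifies each request-target against the forms RFC 7230 section 5.3 allows and rejects everything else, including the "stager" target shown in the payload above. This is an added example, not code from CobaltStrike or from the advisory; the function names and the sample request lines are constructed for illustration.

```python
import re

# Request-target forms from RFC 7230 section 5.3 (simplified: no IPv6 literals).
_ABSOLUTE = re.compile(r"^[A-Za-z][A-Za-z0-9+.-]*://\S+$")  # absolute-form
_AUTHORITY = re.compile(r"^[^/\s:@]+:\d{1,5}$")             # authority-form

def classify_target(method, target):
    """Return the request-target form, or 'invalid' if it matches none."""
    if method == "CONNECT":                  # CONNECT only takes host:port
        return "authority" if _AUTHORITY.match(target) else "invalid"
    if target.startswith("/"):               # the normal case for origin servers
        return "origin"
    if target == "*":                        # only meaningful for OPTIONS
        return "asterisk" if method == "OPTIONS" else "invalid"
    if _ABSOLUTE.match(target):              # requests sent to a proxy
        return "absolute"
    return "invalid"                         # e.g. a bare word with no leading "/"

def check_request_line(line):
    """Parse 'METHOD SP target SP HTTP/x.y' and return (ok, form_or_reason)."""
    parts = line.rstrip("\r\n").split(" ")
    if len(parts) != 3:
        return False, "malformed request line"
    method, target, version = parts
    if not re.fullmatch(r"HTTP/\d\.\d", version):
        return False, "bad HTTP version"
    form = classify_target(method, target)
    if form == "invalid":
        return False, "request-target %r is not a valid form" % target
    return True, form

# Constructed sample request lines; the second is the one from the payload above.
SAMPLES = [
    "GET /index.html HTTP/1.1",
    "GET stager HTTP/1.1",
    "OPTIONS * HTTP/1.1",
    "CONNECT example.com:443 HTTP/1.1",
    "GET http://example.com/a HTTP/1.1",
]

def rejected(lines):
    """Return the request lines a front-end filter should answer with 400."""
    return [l for l in lines if not check_request_line(l)[0]]

if __name__ == "__main__":
    for l in SAMPLES:
        print(l, "->", check_request_line(l))
```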
Testing process






Affected versions
CobaltStrike <= 4.5
https://cve.cobaltstrike.net/cve/CVE-2022-23317