CVE-2022-42948
Fortra Cobalt Strike User Interface Remote Code Execution Vulnerability
CVSS
—
No CVSS
EPSS
2.7%
p84
KEV
YES
Mar 30, 2023
Exploit Today
75
0-100
Published: — · Last modified: —
2.7%EPSS · 30 days2.7%
2026-06-302026-07-16
Product
Fortra / Cobalt Strike
Vulnerability
Fortra Cobalt Strike User Interface Remote Code Execution Vulnerability
Added to KEV
Mar 30, 2023
Remediate by
Apr 20, 2023
Known ransomware use
No
Summary description
Fortra Cobalt Strike User Interface contains an unspecified vulnerability rooted in Java Swing that may allow remote code execution.
Required action
Apply updates per vendor instructions.
Notes
https://www.cobaltstrike.com/blog/out-of-band-update-cobalt-strike-4-7-2/; https://nvd.nist.gov/vuln/detail/CVE-2022-42948
CVECVSSEPSSKEVRExploitTitleMod.
CVE-2022-39197—98.7%
KEV—80Fortra Cobalt Strike Teamserver Cross-Site Scripting (XSS) Vulnerability—