CVE-2022-50925
Prowise · Reflect
Prowise Reflect version 1.0.9 contains a remote keystroke injection vulnerability via an exposed WebSocket on port 8082.
Executive summary
Prowise Reflect version 1.0.9 is vulnerable to remote keystroke injection, enabling unauthenticated attackers to execute arbitrary commands by sending malicious WebSocket messages.
Vulnerability
The application exposes a WebSocket on port 8082 that fails to authenticate incoming messages. Attackers can leverage this to inject keystrokes, effectively allowing them to interact with the host operating system as if they were physically present at the keyboard.
Business impact
An attacker can use this vulnerability to launch applications, exfiltrate data, or execute malicious scripts on the host system. The CVSS score of 9.8 reflects the high risk of remote code execution and unauthorized system interaction, which could lead to a total compromise of the affected workstation.
Remediation
Immediate Action: Update Prowise Reflect to the latest available version that addresses the WebSocket security flaw. If an update is not immediately available, disable or restrict access to the service running on port 8082.
Proactive Monitoring: Review system logs for unexpected application launches or suspicious keyboard input sequences originating from the network.
Compensating Controls: Use network-level firewalls to block external access to port 8082, ensuring that only authorized internal traffic can communicate with the service.
Exploitation status
Public Exploit Available: Unknown
Analyst recommendation
This vulnerability represents a significant risk due to the ease of remote input injection. Organizations must prioritize restricting network access to the affected service and applying vendor patches as soon as they are released.