CVE-2022-50925

Prowise · Reflect

Prowise Reflect version 1.0.9 contains a remote keystroke injection vulnerability via an exposed WebSocket on port 8082.

Executive summary

Prowise Reflect version 1.0.9 is vulnerable to remote keystroke injection, enabling unauthenticated attackers to execute arbitrary commands by sending malicious WebSocket messages.

Vulnerability

The application exposes a WebSocket on port 8082 that fails to authenticate incoming messages. Attackers can leverage this to inject keystrokes, effectively allowing them to interact with the host operating system as if they were physically present at the keyboard.

Business impact

An attacker can use this vulnerability to launch applications, exfiltrate data, or execute malicious scripts on the host system. The CVSS score of 9.8 reflects the high risk of remote code execution and unauthorized system interaction, which could lead to a total compromise of the affected workstation.

Remediation

Immediate Action: Update Prowise Reflect to the latest available version that addresses the WebSocket security flaw. If an update is not immediately available, disable or restrict access to the service running on port 8082.

Proactive Monitoring: Review system logs for unexpected application launches or suspicious keyboard input sequences originating from the network.

Compensating Controls: Use network-level firewalls to block external access to port 8082, ensuring that only authorized internal traffic can communicate with the service.

Exploitation status

Public Exploit Available: Unknown

Analyst recommendation

This vulnerability represents a significant risk due to the ease of remote input injection. Organizations must prioritize restricting network access to the affected service and applying vendor patches as soon as they are released.