CVE-2022-41924

Source
https://nvd.nist.gov/vuln/detail/CVE-2022-41924
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-41924.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2022-41924
Aliases
Related
Published
2022-11-23T19:15:12Z
Modified
2025-02-19T03:30:16.439596Z
Severity
  • 9.6 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H CVSS Calculator
Summary
[none]
Details

A vulnerability identified in the Tailscale Windows client allows a malicious website to reconfigure the Tailscale daemon tailscaled, which can then be used to remotely execute code. In the Tailscale Windows client, the local API was bound to a local TCP socket, and communicated with the Windows client GUI in cleartext with no Host header verification. This allowed an attacker-controlled website visited by the node to rebind DNS to an attacker-controlled DNS server, and then make local API requests in the client, including changing the coordination server to an attacker-controlled coordination server. An attacker-controlled coordination server can send malicious URL responses to the client, including pushing executables or installing an SMB share. These allow the attacker to remotely execute code on the node. All Windows clients prior to version v.1.32.3 are affected. If you are running Tailscale on Windows, upgrade to v1.32.3 or later to remediate the issue.

References

Affected packages

Git / github.com/tailscale/tailscale

Affected ranges

Type
GIT
Repo
https://github.com/tailscale/tailscale
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed

Affected versions

v0.*

v0.100.0
v0.100.0-107
v0.100.0-153
v0.96
v0.96.1
v0.97
v0.98
v0.98.0
v0.98.1
v0.99.0
v0.99.1

v1.*

v1.0.0
v1.1.0
v1.32.0
v1.32.1
v1.32.2