Vulnerability Management, Threat Management

New critical Cobalt Strike RCE bug identified

Post-exploitation tool Cobalt Strike is affected by a remote code execution flaw that could be exploited to take over targeted systems, reports The Hacker News. The vulnerability, tracked as CVE-2022-42928, affects Cobalt Strike version 4.7.1 and is related to an incomplete patch released last month that aimed to address a cross-site scripting flaw tracked as CVE-2022-39197. "The XSS vulnerability could be triggered by manipulating some client-side UI input fields, by simulating a Cobalt Strike implant check-in or by hooking a Cobalt Strike implant running on a host," said IBM X-Force researchers. Threat actors could trigger remote code execution through the Java Swing framework, with the behavior potentially exploitable using an HTML <object> tag. "It should be noted here that this is a very powerful exploitation primitive," noted researchers, who added that the flaw could be leveraged to develop a cross-platform payload for code execution. HelpSystems has already released an out-of-band update to address the flaw.
