Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2022-47986 PoC — IBM Aspera Faspex code execution

Source
https://github.com/ohnonoyesyes/CVE-2022-47986
Associated Vulnerability
Title:IBM Aspera Faspex code execution (CVE-2022-47986)
Description:IBM Aspera Faspex 4.4.2 Patch Level 1 and earlier could allow a remote attacker to execute arbitrary code on the system, caused by a YAML deserialization flaw. By sending a specially crafted obsolete API call, an attacker could exploit this vulnerability to execute arbitrary code on the system. The obsolete API call was removed in Faspex 4.4.2 PL2. IBM X-Force ID: 243512.
Description
Aspera Faspex Pre Auth RCE
Readme
# CVE-2022-47986
Aspera Faspex Pre Auth RCE

https://blog.assetnote.io/2023/02/02/pre-auth-rce-aspera-faspex/

Poc Usage:

```
python3 poc.py https://xxxxx whoami
```
File Snapshot

 [4.0K]  /data/pocs/5f3fdca10883ec94bfa34654f51157963cd87a35
├── [1.5K]  poc.py
└── [ 167]  README.md

0 directories, 2 files
Shenlong Bot has cached this for you
Remarks
    1. It is advised to access via the original source first.
    2. Local POC snapshots are reserved for subscribers — if the original source is unavailable, the local mirror is part of the paid plan.
    3. Mirroring, verifying, and maintaining this POC archive takes ongoing effort, so local snapshots are a paid feature. Your subscription keeps the archive online — thank you for the support. View subscription plans →