Lucene search

KrcertCVE-2022-23770

HistoryOct 17, 2022 - 4:15 p.m.

CVE-2022-23770

2022-10-1716:15:20

CWE-20

CWE-22

krcert

web.nvd.nist.gov

cve

2022

23770

vulnerability

remote attacker

remote command execution

api constructors

improper validation

directory traversal

nvd

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

9.5

Confidence

High

EPSS

0.003

Percentile

71.4%

JSON

This vulnerability could allow a remote attacker to execute remote commands with improper validation of parameters of certain API constructors. Remote attackers could use this vulnerability to execute malicious commands such as directory traversal.

Affected configurations

Nvd

Node

wisasmart_wing_cmsRange<19051

AND

linuxlinux_kernelMatch-

VendorProductVersionCPE
wisasmart_wing_cms*cpe:2.3:a:wisa:smart_wing_cms:*:*:*:*:*:*:*:*
linuxlinux_kernel-cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
wisa	smart_wing_cms	*	cpe:2.3:a:wisa:smart_wing_cms::::::::
linux	linux_kernel	-	cpe:2.3:o:linux:linux_kernel:-:::::::*

CNA Affected

[
  {
    "vendor": "WISA corp.",
    "product": "Smart Wing CMS",
    "versions": [
      {
        "version": "unspecified",
        "lessThan": "ver.19051",
        "status": "affected",
        "versionType": "custom"
      }
    ],
    "platforms": [
      "Linux"
    ]
  }
]

References

www.krcert.or.kr/krcert/secNoticeView.do?bulletin_writing_sequence=66963

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

9.5

Confidence

High

EPSS

0.003

Percentile

71.4%

JSON

Related for CVE-2022-23770