Lucene search

[email protected]CVE-2022-26481

HistoryJul 17, 2022 - 11:15 p.m.

CVE-2022-26481

2022-07-1723:15:08

CWE-78

[email protected]

web.nvd.nist.gov

cve-2022-26481

poly studio

command injection

create csr

security vulnerability

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

8.8 High

AI Score

Confidence

High

0.003 Low

EPSS

Percentile

68.6%

JSON

An issue was discovered in Poly Studio before 3.7.0. Command Injection can occur via the CN field of a Create Certificate Signing Request (CSR) action.

Affected configurations

NVD

Node

polystudio_x30Match-

AND

polystudio_x30_firmwareRange<3.7.0

Node

polystudio_x70_firmwareRange<3.7.0

AND

polystudio_x70Match-

Node

polyg7500_firmwareRange<3.7.0

AND

polyg7500Match-

Node

polystudio_x50_firmwareRange<3.7.0

AND

polystudio_x50Match-

CPENameOperatorVersion
poly:studio_x30_firmwarepoly studio x30 firmwarelt3.7.0

CPE	Name	Operator	Version
poly:studio_x30_firmware	poly studio x30 firmware	lt	3.7.0

References

sec-consult.com/vulnerability-lab/advisory/authenticated-command-injection-in-poly-studio/

www.poly.com/us/en/support/security-center

Social References

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

8.8 High

AI Score

Confidence

High

0.003 Low

EPSS

Percentile

68.6%

JSON

Related for CVE-2022-26481

prion1 cvelist1 zdt1 packetstorm1 nvd1