Lucene search

MitreCVE-2022-29937

HistoryApr 29, 2022 - 5:15 p.m.

CVE-2022-29937

2022-04-2917:15:23

CWE-78

mitre

web.nvd.nist.gov

usu oracle optimization

cve-2022-29937

datacollection

security vulnerability

root access

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:S/C:C/I:C/A:C

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

AI Score

8.6

Confidence

High

EPSS

0.004

Percentile

75.1%

JSON

USU Oracle Optimization before 5.17.5 allows authenticated DataCollection users to achieve agent root access because some common OS commands are blocked but (for example) an OS command for base64 decoding is not blocked. NOTE: this is not an Oracle Corporation product.

Affected configurations

Nvd

Node

usuoracle_optimizationMatch20210817

VendorProductVersionCPE
usuoracle_optimization20210817cpe:2.3:a:usu:oracle_optimization:20210817:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
usu	oracle_optimization	20210817	cpe:2.3:a:usu:oracle_optimization:20210817:::::::*

References

github.com/orangecertcc/security-research/security/advisories/GHSA-xw3r-mq8p-fjv5

Social References

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:S/C:C/I:C/A:C

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

AI Score

8.6

Confidence

High

EPSS

0.004

Percentile

75.1%

JSON

Related for CVE-2022-29937