Lucene search

[email protected]CVE-2022-39986

HistoryAug 01, 2023 - 2:15 p.m.

CVE-2022-39986

2023-08-0114:15:09

CWE-77

[email protected]

web.nvd.nist.gov

cve-2022-39986

command injection

raspap

security vulnerability

unauthenticated attackers

arbitrary commands

nvd

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9.8 High

AI Score

Confidence

High

0.881 High

EPSS

Percentile

98.7%

JSON

A Command injection vulnerability in RaspAP 2.8.0 thru 2.8.7 allows unauthenticated attackers to execute arbitrary commands via the cfg_id parameter in /ajax/openvpn/activate_ovpncfg.php and /ajax/openvpn/del_ovpncfg.php.

Affected configurations

NVD

Node

raspapraspapRange2.8.0–2.8.7

CPENameOperatorVersion
raspap:raspapraspaple2.8.7

CPE	Name	Operator	Version
raspap:raspap	raspap	le	2.8.7

References

packetstormsecurity.com/files/174190/RaspAP-2.8.7-Unauthenticated-Command-Injection.html

github.com/RaspAP/raspap-webgui/blob/master/ajax/openvpn/activate_ovpncfg.php

medium.com/%40ismael0x00/multiple-vulnerabilities-in-raspap-3c35e78809f2

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9.8 High

AI Score

Confidence

High

0.881 High

EPSS

Percentile

98.7%

JSON

Related for CVE-2022-39986

prion1 nvd1 osv2 github1 cvelist1 zdt1 veracode1 packetstorm1 nuclei1 githubexploit1 rapid7blog1