CVE-2022-42496

2022-12-0504:15:10

CWE-78

[email protected]

web.nvd.nist.gov

cve-2022-42496

nako3edit

editor component

nadesiko3

pc version

os command injection

vulnerability

remote attacker

appkey

execute

arbitrary os command

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9.6 High

AI Score

Confidence

High

0.004 Low

EPSS

Percentile

73.4%

JSON

OS command injection vulnerability in Nako3edit, editor component of nadesiko3 (PC Version) v3.3.74 and earlier allows a remote attacker to obtain appkey of the product and execute an arbitrary OS command on the product.

Affected configurations

NVD

Node

kujirahandnadesiko3Range≤3.3.74

CPENameOperatorVersion
kujirahand:nadesiko3kujirahand nadesiko3le3.3.74

CPE	Name	Operator	Version
kujirahand:nadesiko3	kujirahand nadesiko3	le	3.3.74

CNA Affected

[
  {
    "vendor": "kujirahand",
    "product": "Nako3edit, editor component of nadesiko3 (PC Version)",
    "versions": [
      {
        "version": "v3.3.74 and earlier",
        "status": "affected"
      }
    ]
  }
]