Lucene search

IcscertCVELIST:CVE-2022-1360

HistoryMay 17, 2022 - 8:17 p.m.

CVE-2022-1360 Cambium Networks cnMaestro OS Command Injection

2022-05-1720:17:51

CWE-78

icscert

www.cve.org

code execution

server configuration

remote attacker

cnmaestro

cambium networks

CVSS3

8.2

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

HIGH

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:H/A:L

AI Score

9.6

Confidence

High

EPSS

0.004

Percentile

75.2%

JSON

The affected On-Premise cnMaestro is vulnerable to execution of code on the cnMaestro hosting server. This could allow a remote attacker to change server configuration settings.

CNA Affected

[
  {
    "product": "cnMaestro",
    "vendor": "Cambium Networks",
    "versions": [
      {
        "lessThan": "3.0.3-r32",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      },
      {
        "lessThan": "2.4.2-r29",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      },
      {
        "lessThan": "3.0.0-r34",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      }
    ]
  }
]

References

www.cisa.gov/uscert/ics/advisories/icsa-22-132-04

CVSS3

8.2

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

HIGH

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:H/A:L

AI Score

9.6

Confidence

High

EPSS

0.004

Percentile

75.2%

JSON

Related for CVELIST:CVE-2022-1360