Mar 30, 2022 - 2:55 p.m.

CVE-2022-25619 Authenticated Command Injection to RCE

2022-03-30 14:55:17
CWE-77
Profelis
www.cve.org
cve-2022-25619
command injection
profelis it consultancy sambabox
authenticated user
arbitrary code
vulnerability

CVSS3: 3.8

Attack Vector: LOCAL
Attack Complexity: HIGH
Privileges Required: HIGH
User Interaction: REQUIRED
Scope: UNCHANGED
Confidentiality Impact: LOW
Integrity Impact: LOW
Availability Impact: LOW

CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:L/I:L/A:L

EPSS: 0
Percentile: 12.6%

An Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in the ping tool of Profelis IT Consultancy SambaBox allows an AUTHENTICATED user to run arbitrary code. This issue affects Profelis IT Consultancy SambaBox version 4.0 and prior versions on x86.

CNA Affected

[
  {
    "platforms": [
      "x86"
    ],
    "product": "SambaBox",
    "vendor": "Profelis IT Consultancy",
    "versions": [
      {
        "lessThanOrEqual": "4.0",
        "status": "affected",
        "version": "4.0",
        "versionType": "custom"
      }
    ]
  }
]
