Lucene search
TalosCVELIST:CVE-2022-40222HistoryJan 26, 2023 - 9:24 p.m.
CVE-2022-40222
2023-01-2621:24:35
CWE-78
talos
www.cve.org
6
siretta quartz-gold g5.0.1.5-210720-141020
command injection
network request vulnerability
CVSS3
9.8
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS
0.003
Percentile
66.2%
An OS command injection vulnerability exists in the m2m DELETE_FILE cmd functionality of Siretta QUARTZ-GOLD G5.0.1.5-210720-141020. A specially-crafted network request can lead to arbitrary command execution. An attacker can send a network request to trigger this vulnerability.
CNA Affected
[
{
"vendor": "Siretta",
"product": "QUARTZ-GOLD",
"versions": [
{
"version": "G5.0.1.5-210720-141020",
"status": "affected"
}
]
}
]Related
cve
cve
CVE-2022-40222
2023-01-26 22:15:15
talos
talos
Siretta QUARTZ-GOLD m2m DELETE_FILE cmd OS command injection vulnerability
2023-01-26 00:00:00
prion
prion
Command injection
2023-01-26 22:15:00
cnvd
cnvd
Siretta QUARTZ-GOLD OS Command Injection Vulnerability (CNVD-2023-17083)
2023-01-30 00:00:00
nvd
nvd
CVE-2022-40222
2023-01-26 22:15:15
CVSS3
9.8
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS
0.003
Percentile
66.2%
Related for CVELIST:CVE-2022-40222