Lucene search

INCIBECVELIST:CVE-2022-47186

HistorySep 28, 2023 - 1:26 p.m.

CVE-2022-47186 Unrestricted Upload of File vulnerability in Generex CS141

2023-09-2813:26:12

CWE-434

INCIBE

www.cve.org

generex cs141

unrestricted upload

file vulnerability

cve-2022-47186

security flaw

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

AI Score

9.5

Confidence

High

EPSS

0.001

Percentile

23.8%

JSON

There is an unrestricted upload of file vulnerability in Generex CS141 below 2.06 version. An attacker could upload and/or delete any type of file, without any format restriction and without any authentication, in the “upload” directory.

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "UPS CS141",
    "vendor": "Generex",
    "versions": [
      {
        "lessThan": "2.06",
        "status": "affected",
        "version": "0",
        "versionType": "custom"
      }
    ]
  }
]

References

www.generex.de/support/changelogs/cs141/page:2

www.incibe-cert.es/en/early-warning/ics-advisories/update-03032023-multiple-vulnerabilities-generex-ups-cs141

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

AI Score

9.5

Confidence

High

EPSS

0.001

Percentile

23.8%

JSON

Related for CVELIST:CVE-2022-47186