CVE-2023-37569 OS Command Injection Vulnerability in Emagic Data Center Management Suite

2023-08-0808:04:22

CWE-78

CERT-In

www.cve.org

os command injection

emagic data center management suite

input sanitization

ping component

remote authenticated attacker

arbitrary code execution

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

AI Score

Confidence

High

EPSS

0.01

Percentile

84.0%

JSON

This vulnerability exists in ESDS Emagic Data Center Management Suit due to lack of input sanitization in its Ping component. A remote authenticated attacker could exploit this by injecting OS commands on the targeted system.

Successful exploitation of this vulnerability could allow the attacker to execute arbitrary code on targeted system.

CNA Affected

[
  {
    "vendor": "ESDS",
    "product": "Emagic Data Center Management Suite",
    "versions": [
      {
        "status": "affected",
        "version": "0",
        "lessThanOrEqual": "V6.0",
        "versionType": "custom"
      }
    ],
    "defaultStatus": "unaffected"
  }
]