Lucene search

[email protected]NVD:CVE-2022-23770

HistoryOct 17, 2022 - 4:15 p.m.

CVE-2022-23770

2022-10-1716:15:20

CWE-20

CWE-22

[email protected]

web.nvd.nist.gov

vulnerability

remote commands

api constructor

directory traversal

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS

0.003

Percentile

71.4%

JSON

This vulnerability could allow a remote attacker to execute remote commands with improper validation of parameters of certain API constructors. Remote attackers could use this vulnerability to execute malicious commands such as directory traversal.

Affected configurations

Nvd

Node

wisasmart_wing_cmsRange<19051

AND

linuxlinux_kernelMatch-

VendorProductVersionCPE
wisasmart_wing_cms*cpe:2.3:a:wisa:smart_wing_cms:*:*:*:*:*:*:*:*
linuxlinux_kernel-cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
wisa	smart_wing_cms	*	cpe:2.3:a:wisa:smart_wing_cms::::::::
linux	linux_kernel	-	cpe:2.3:o:linux:linux_kernel:-:::::::*

References

www.krcert.or.kr/krcert/secNoticeView.do?bulletin_writing_sequence=66963

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS

0.003

Percentile

71.4%

JSON

Related for NVD:CVE-2022-23770

cve1 prion1 cvelist1