Lucene search

[email protected]NVD:CVE-2022-29937

HistoryApr 29, 2022 - 5:15 p.m.

CVE-2022-29937

2022-04-2917:15:23

CWE-78

[email protected]

web.nvd.nist.gov

usu oracle

optimization

authenticated users

agent root access

bypassing

blocked os commands

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:S/C:C/I:C/A:C

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS

0.004

Percentile

75.1%

JSON

USU Oracle Optimization before 5.17.5 allows authenticated DataCollection users to achieve agent root access because some common OS commands are blocked but (for example) an OS command for base64 decoding is not blocked. NOTE: this is not an Oracle Corporation product.

Affected configurations

Nvd

Node

usuoracle_optimizationMatch20210817

VendorProductVersionCPE
usuoracle_optimization20210817cpe:2.3:a:usu:oracle_optimization:20210817:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
usu	oracle_optimization	20210817	cpe:2.3:a:usu:oracle_optimization:20210817:::::::*

References

github.com/orangecertcc/security-research/security/advisories/GHSA-xw3r-mq8p-fjv5

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:S/C:C/I:C/A:C

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS

0.004

Percentile

75.1%

JSON

Related for NVD:CVE-2022-29937

prion1 cve1 cnvd1 cvelist1