Lucene search
HistoryJan 26, 2023 - 10:15 p.m.
CVE-2022-40222
command injection
siretta quartz-gold
vulnerability
network request
arbitrary command execution
CVSS3
9.8
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS
0.003
Percentile
66.2%
An OS command injection vulnerability exists in the m2m DELETE_FILE cmd functionality of Siretta QUARTZ-GOLD G5.0.1.5-210720-141020. A specially-crafted network request can lead to arbitrary command execution. An attacker can send a network request to trigger this vulnerability.
Affected configurations
Node
sirettaquartz-gold_firmwareMatchg5.0.1.5-210720-141020
sirettaquartz-goldMatch-
| Vendor | Product | Version | CPE |
|---|---|---|---|
| siretta | quartz-gold_firmware | g5.0.1.5-210720-141020 | cpe:2.3:o:siretta:quartz-gold_firmware:g5.0.1.5-210720-141020:*:*:*:*:*:*:* |
| siretta | quartz-gold | - | cpe:2.3:h:siretta:quartz-gold:-:*:*:*:*:*:*:* |
Related
cve
cve
CVE-2022-40222
2023-01-26 22:15:15
talos
talos
Siretta QUARTZ-GOLD m2m DELETE_FILE cmd OS command injection vulnerability
2023-01-26 00:00:00
prion
prion
Command injection
2023-01-26 22:15:00
cnvd
cnvd
Siretta QUARTZ-GOLD OS Command Injection Vulnerability (CNVD-2023-17083)
2023-01-30 00:00:00
cvelist
cvelist
CVE-2022-40222
2023-01-26 21:24:35
CVSS3
9.8
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS
0.003
Percentile
66.2%
Related for NVD:CVE-2022-40222