Lucene search

[email protected]NVD:CVE-2022-4364

HistoryDec 08, 2022 - 3:15 p.m.

CVE-2022-4364

2022-12-0815:15:10

CWE-707

CWE-78

[email protected]

web.nvd.nist.gov

teledyne flir ax8

command injection

remote attack

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS

0.003

Percentile

69.8%

JSON

A vulnerability classified as critical has been found in Teledyne FLIR AX8 up to 1.46.16. Affected is an unknown function of the file palette.php of the component Web Service Handler. The manipulation of the argument palette leads to command injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-215118 is the identifier assigned to this vulnerability.

Affected configurations

Nvd

Node

flirflir_ax8_firmwareRange1.46.0–1.46.16

AND

flirflir_ax8Match-

VendorProductVersionCPE
flirflir_ax8_firmware*cpe:2.3:o:flir:flir_ax8_firmware:*:*:*:*:*:*:*:*
flirflir_ax8-cpe:2.3:h:flir:flir_ax8:-:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
flir	flir_ax8_firmware	*	cpe:2.3:o:flir:flir_ax8_firmware::::::::
flir	flir_ax8	-	cpe:2.3:h:flir:flir_ax8:-:::::::*

References

github.com/siriuswhiter/VulnHub/blob/main/Flir/02-FLIR-AX8%20palette.php%20%E5%91%BD%E4%BB%A4%E6%89%A7%E8%A1%8C%E6%BC%8F%E6%B4%9E/FLIR-AX8%20palette.php%20%E5%91%BD%E4%BB%A4%E6%89%A7%E8%A1%8C%E6%BC%8F%E6%B4%9E1.md

vuldb.com/?id.215118

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS

0.003

Percentile

69.8%

JSON

Related for NVD:CVE-2022-4364

prion1 cve1 cvelist1