Lucene search

INCIBEVULNRICHMENT:CVE-2022-47555

HistorySep 19, 2023 - 12:47 p.m.

CVE-2022-47555 Improper Neutralization of Special Elements in Ormazabal products

2023-09-1912:47:13

CWE-78

INCIBE

github.com

cve-2022-47555

operating system command injection

ormazabal products

authenticated attacker

user creation

elevated privileges

backdoor setup

CVSS3

9.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:L/A:N

AI Score

7.5

Confidence

High

EPSS

0.001

Percentile

43.3%

SSVC

Exploitation

none

Automatable

yes

Technical Impact

partial

JSON

Operating system command injection in ekorCCP and ekorRCI, which could allow an authenticated attacker to execute commands, create new users with elevated privileges or set up a backdoor.

ADP Affected

[
  {
    "cpes": [
      "cpe:2.3:h:ormazabal:ekorrci:-:*:*:*:*:*:*:*"
    ],
    "vendor": "ormazabal",
    "product": "ekorrci",
    "versions": [
      {
        "status": "affected",
        "version": "601j"
      }
    ],
    "defaultStatus": "unknown"
  },
  {
    "cpes": [
      "cpe:2.3:h:ormazabal:ekorccp:-:*:*:*:*:*:*:*"
    ],
    "vendor": "ormazabal",
    "product": "ekorccp",
    "versions": [
      {
        "status": "affected",
        "version": "601j"
      }
    ],
    "defaultStatus": "unknown"
  }
]

References

www.incibe.es/en/incibe-cert/notices/aviso-sci/multiple-vulnerabilities-ormazabal-products

CVSS3

9.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:L/A:N

AI Score

7.5

Confidence

High

EPSS

0.001

Percentile

43.3%

SSVC

Exploitation

none

Automatable

yes

Technical Impact

partial

JSON

Related for VULNRICHMENT:CVE-2022-47555