CVE-2022-40222

Name of the Vulnerable Software and Affected Versions Siretta QUARTZ-GOLD version G5.0.1.5-210720-141020

Description An OS command injection issue exists in the m2m DELETE FILE cmd functionality. A specially-crafted network request can lead to arbitrary command execution. An attacker can send a network request to trigger this issue.

Recommendations For Siretta QUARTZ-GOLD version G5.0.1.5-210720-141020, as a temporary workaround, consider restricting access to the m2m DELETE FILE cmd functionality until a patch is available. Avoid using the vulnerable functionality in the affected version to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.