PT-2023-1889 · Aleos · Aleos

Eran Jacob +1 · Published 2023-02-10 · Updated 2025-03-24 · CVE-2022-46649

CVSS v2.0: 10 (High)
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions: ALEOS versions prior to 4.16

Description: The issue allows a user with valid credentials to manipulate the IP logging operation, potentially leading to the execution of arbitrary shell commands on the device. This is due to the lack of measures to neutralize special elements used in the operating system command. Exploitation of this issue may allow a remote attacker to execute arbitrary code.

Recommendations: For versions prior to 4.16, update to version 4.16 or later to resolve the issue. As a temporary workaround, consider restricting access to the iplogging.cgi executable file until a patch is available. Avoid using the IP logging operation with untrusted input until the issue is resolved.

Exploit

Fix

OS Command Injection


Weakness Enumeration

Related identifiers

BDU:2023-01491
CVE-2022-46649

Affected products

Aleos