PT-2022-13823 · Cambium Networks · Cnmaestro

Noam Moshe

Published

2022-05-17

Updated

2022-06-06

CVE-2022-1357

CVSS v3.1

9.8

Critical

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions cnMaestro (affected versions not specified)

Description The issue allows an unauthenticated attacker to access the cnMaestro server and execute arbitrary code with the privileges of the web server. This is due to a lack of validation, which could enable an attacker to append arbitrary data to the logger command.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

OS Command Injection

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-78

Related Identifiers

CVE-2022-1357

Affected Products

Cnmaestro

PT-2022-13823 · Cambium Networks · Cnmaestro

CVE-2022-1357

Weakness Enumeration

Related Identifiers

Affected Products

References · 3