PT-2022-17413 · Profelis It Consultancy · Sambabox

Tugay Özçelebi

Published

2022-03-30

Updated

2022-04-07

CVE-2022-25619

CVSS v3.1

6.7

Medium

Vector

AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Profelis IT Consultancy SambaBox versions 4.0 and prior versions

Description The issue is related to an Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in the ping tool of Profelis IT Consultancy SambaBox. This allows an authenticated user to cause the execution of arbitrary code.

Recommendations For versions 4.0 and prior, consider restricting access to the ping tool until a patch is available. As a temporary workaround, consider disabling the ping tool function to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Command Injection

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-77

Related Identifiers

CVE-2022-25619

Affected Products

Sambabox

PT-2022-17413 · Profelis It Consultancy · Sambabox

CVE-2022-25619

Weakness Enumeration

Related Identifiers

Affected Products

References · 5