PT-2022-18678 · Unknown · Eve-Ng Community+1

Cas Van Cooten +1 · Published 2022-05-04 · Updated 2022-05-11 · CVE-2022-27903

CVSS v2.0: 9.0 High

Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

Eve-NG Professional versions 4.0.1-65 and earlier
Eve-NG Community versions 2.0.3-112 and earlier

Description

The issue allows a remote authenticated attacker to execute commands as root by editing virtualization command parameters of imported UNL files. This is due to an OS Command Injection vulnerability in the configuration parser.

Recommendations

For Eve-NG Professional versions 4.0.1-65 and earlier, update to a version later than 4.0.1-65 to resolve the issue. For Eve-NG Community versions 2.0.3-112 and earlier, update to a version later than 2.0.3-112 to resolve the issue. As a temporary workaround, consider restricting access to editing virtualization command parameters of imported UNL files until a patch is available.

Fix

OS Command Injection


Weakness Enumeration

Related Identifiers

CVE-2022-27903

Affected Products

Eve-Ng Community
Eve-Ng Professional