PT-2022-18887 · Tekon · Tekon Kio

Published: 2022-03-30 · Updated: 2022-04-05 · CVE-2022-28223

CVSS v3.1: 9.1 Critical

Vector: AC:L/AV:N/A:H/C:H/I:H/PR:H/S:C/UI:N

Name of the Vulnerable Software and Affected Versions: Tekon KIO devices through 2022-03-30

Description: The issue allows an authenticated admin user to escalate privileges to root by uploading a malicious Lua plugin.

Recommendations: For Tekon KIO devices through 2022-03-30, consider restricting the ability to upload Lua plugins to prevent privilege escalation until a fix is available.

Exploit

Fix

Unrestricted File Upload

Weakness Enumeration

Related Identifiers

CVE-2022-28223

Affected Products

Tekon Kio