CVE-2023-43322

Name of the Vulnerable Software and Affected Versions ZPE Systems, Inc Nodegrid OS versions 5.0.0 through 5.0.17 ZPE Systems, Inc Nodegrid OS versions 5.2.0 through 5.2.19 ZPE Systems, Inc Nodegrid OS versions 5.4.0 through 5.4.16 ZPE Systems, Inc Nodegrid OS versions 5.6.0 through 5.6.13 ZPE Systems, Inc Nodegrid OS versions 5.8.0 through 5.8.10 ZPE Systems, Inc Nodegrid OS versions 5.10.0 through 5.10.3

Description A command injection issue was discovered via the endpoint "/v1/system/toolkit/files/".

Recommendations For versions 5.0.0 through 5.0.17, consider disabling access to the "/v1/system/toolkit/files/" endpoint until a patch is available. For versions 5.2.0 through 5.2.19, consider disabling access to the "/v1/system/toolkit/files/" endpoint until a patch is available. For versions 5.4.0 through 5.4.16, consider disabling access to the "/v1/system/toolkit/files/" endpoint until a patch is available. For versions 5.6.0 through 5.6.13, consider disabling access to the "/v1/system/toolkit/files/" endpoint until a patch is available. For versions 5.8.0 through 5.8.10, consider disabling access to the "/v1/system/toolkit/files/" endpoint until a patch is available. For versions 5.10.0 through 5.10.3, consider disabling access to the "/v1/system/toolkit/files/" endpoint until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.