CVE-2022-23770 - Vulnerability Details - OpenCVE

This vulnerability could allow a remote attacker to execute remote commands with improper validation of parameters of certain API constructors. Remote attackers could use this vulnerability to execute malicious commands such as directory traversal.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Linux	Linux Kernel
Wisa	Smart Wing Cms

Configuration 1 [-]

AND

cpe:2.3:a:wisa:smart_wing_cms:*:*:*:*:*:*:*:*

cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://www.krcert.or.kr/krcert/secNoticeView.do?bulletin_writing_sequence=66963

History

No history.

MITRE

Status: PUBLISHED

Assigner: krcert

Published: 2022-10-17T00:00:00

Updated: 2024-08-03T03:51:46.055Z

Reserved: 2022-01-19T00:00:00

Link: CVE-2022-23770

Vulnrichment

No data.

NVD

Status : Modified

Published: 2022-10-17T16:15:20.787

Modified: 2024-11-21T06:49:14.920

Link: CVE-2022-23770

Redhat

No data.

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:wisa:smart_wing_cms:*:*:*:*:*:*:*:*", "matchCriteriaId": "318422E4-CB41-49D5-9E87-FD2049EF7461", "versionEndExcluding": "19051", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*", "matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "This vulnerability could allow a remote attacker to execute remote commands with improper validation of parameters of certain API constructors. Remote attackers could use this vulnerability to execute malicious commands such as directory traversal."}, {"lang": "es", "value": "Esta vulnerabilidad podr\u00eda permitir a un atacante remoto ejecutar comandos remotos con la comprobaci\u00f3n inapropiada de los par\u00e1metros de determinados constructores de la API. Los atacantes remotos podr\u00edan usar esta vulnerabilidad para ejecutar comandos maliciosos, como un salto de directorio"}], "id": "CVE-2022-23770", "lastModified": "2024-11-21T06:49:14.920", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "vuln@krcert.or.kr", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2022-10-17T16:15:20.787", "references": [{"source": "vuln@krcert.or.kr", "tags": ["Third Party Advisory"], "url": "https://www.krcert.or.kr/krcert/secNoticeView.do?bulletin_writing_sequence=66963"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://www.krcert.or.kr/krcert/secNoticeView.do?bulletin_writing_sequence=66963"}], "sourceIdentifier": "vuln@krcert.or.kr", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-20"}], "source": "vuln@krcert.or.kr", "type": "Secondary"}, {"description": [{"lang": "en", "value": "CWE-22"}], "source": "nvd@nist.gov", "type": "Primary"}]}