An injection vulnerability in the syslog-ng configuration wizard in Securonix Snypr 6.4 allows an application user with the "Manage Ingesters" permission to execute arbitrary code on remote ingesters by appending arbitrary text to text files that are executed by the system, such as users' crontab files. The patch for this was present in SNYPR version 6.4 Jun 2022 R3_[06170871], but may have been introduced sooner.
Metrics
Affected Vendors & Products
References
Link | Providers |
---|---|
https://conway.scot/securonix-rce/ |
History
No history.
MITRE
Status: PUBLISHED
Assigner: mitre
Published: 2022-09-07T13:06:27
Updated: 2024-08-03T10:21:33.157Z
Reserved: 2022-08-01T00:00:00
Link: CVE-2022-37108
Vulnrichment
No data.
NVD
Status : Modified
Published: 2022-09-07T14:15:09.157
Modified: 2024-11-21T07:14:28.217
Link: CVE-2022-37108
Redhat
No data.