CVE-2022-0073

Summary

Improper Input Validation vulnerability in LiteSpeed Technologies OpenLiteSpeed Web Server and LiteSpeed Web Server dashboards allows Command Injection. This affects 1.7.0 versions before 1.7.16.1.

Affected Software

VendorProductVersion RangeStatus
LiteSpeed TechnologiesOpenLiteSpeed Web Server1.7.0 < 1.7.16.1affected
LiteSpeed TechnologiesLiteSpeed Web Server1.7.0 < 1.7.16.1affected

Weaknesses

  • CWE-20: CWE-20 Improper Input Validation

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: poc
    • Automatable: no
    • Technical Impact: total

References