CVE-2022-1357
9.8
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
The affected On-Premise cnMaestro allows an unauthenticated attacker to access the cnMaestro server and execute arbitrary code in the privileges of the web server. This lack of validation could allow an attacker to append arbitrary data to the logger command.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Cambium Networks | cnMaestro | unspecified < 3.0.3-r32 | affected |
| Cambium Networks | cnMaestro | unspecified < 2.4.2-r29 | affected |
| Cambium Networks | cnMaestro | unspecified < 3.0.0-r34 | affected |
Weaknesses
- CWE-78: CWE-78 OS Command Injection
ADP Enrichment
CVE Program Container
Additional References
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: yes
- Technical Impact: total
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.