CVE-2022-4364
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P
Summary
A vulnerability has been found in Teledyne FLIR AX8 up to 1.46.16. Affected by this issue is some unknown functionality of the file palette.php of the component Web Service Handler. The manipulation of the argument palette leads to command injection. The attack is possible to be carried out remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 1.49.16 can resolve this issue. Upgrading the affected component is advised. The vendor points out: "FLIR AX8 internal web site has been refactored to be able to handle the reported vulnerabilities."
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Teledyne FLIR | AX8 | 1.46.0 | affected |
| Teledyne FLIR | AX8 | 1.46.1 | affected |
| Teledyne FLIR | AX8 | 1.46.2 | affected |
| Teledyne FLIR | AX8 | 1.46.3 | affected |
| Teledyne FLIR | AX8 | 1.46.4 | affected |
| Teledyne FLIR | AX8 | 1.46.5 | affected |
| Teledyne FLIR | AX8 | 1.46.6 | affected |
| Teledyne FLIR | AX8 | 1.46.7 | affected |
| Teledyne FLIR | AX8 | 1.46.8 | affected |
| Teledyne FLIR | AX8 | 1.46.9 | affected |
| Teledyne FLIR | AX8 | 1.46.10 | affected |
| Teledyne FLIR | AX8 | 1.46.11 | affected |
| Teledyne FLIR | AX8 | 1.46.12 | affected |
| Teledyne FLIR | AX8 | 1.46.13 | affected |
| Teledyne FLIR | AX8 | 1.46.14 | affected |
| Teledyne FLIR | AX8 | 1.46.15 | affected |
| Teledyne FLIR | AX8 | 1.46.16 | affected |
| Teledyne FLIR | AX8 | 1.49.16 | unaffected |
Weaknesses
- CWE-77: Command Injection
- CWE-74: Injection
ADP Enrichment
CVE Program Container
Additional References
- https://github.com/siriuswhiter/VulnHub/blob/main/Flir/02-FLIR-AX8%20palette.php%20%E5%91%BD%E4%BB%A4%E6%89%A7%E8%A1%8C%E6%BC%8F%E6%B4%9E/FLIR-AX8%20palette.php%20%E5%91%BD%E4%BB%A4%E6%89%A7%E8%A1%8C%E6%BC%8F%E6%B4%9E1.md
- https://vuldb.com/?id.215118
CISA ADP Vulnrichment
- SSVC:
- Exploitation: poc
- Automatable: yes
- Technical Impact: partial
References
- https://vuldb.com/?id.215118
- https://vuldb.com/?ctiid.215118
- https://vuldb.com/?submit.55748
- https://github.com/siriuswhiter/VulnHub/blob/main/Flir/02-FLIR-AX8%20palette.php%20%E5%91%BD%E4%BB%A4%E6%89%A7%E8%A1%8C%E6%BC%8F%E6%B4%9E/FLIR-AX8%20palette.php%20%E5%91%BD%E4%BB%A4%E6%89%A7%E8%A1%8C%E6%BC%8F%E6%B4%9E1.md
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.