CVE-2022-50789
8.5
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
Summary
SOUND4 IMPACT/FIRST/PULSE/Eco <=2.x contains a command injection vulnerability that allows local authenticated users to create malicious files in the /tmp directory with .dns.pid extension. Unauthenticated attackers can execute the malicious commands by making a single HTTP POST request to the vulnerable dns.php script, which triggers command execution and then deletes the file.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| SOUND4 Ltd. | Impact/Pulse/First | Version 2: 1.1/2.15 | affected |
| SOUND4 Ltd. | Impact/Pulse Eco | 1.16 | affected |
| SOUND4 Ltd. | BigVoice4 | 1.2 | affected |
| SOUND4 Ltd. | BigVoice2 | 1.30 | affected |
| SOUND4 Ltd. | Stream | 1.1/2.4.29 | affected |
| Kantar Media | WM2 | 1.11 | affected |
Weaknesses
- CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: poc
- Automatable: no
- Technical Impact: total
References
- https://www.zeroscience.mk/en/vulnerabilities/ZSL-2022-5733.php
- https://packetstormsecurity.com/files/170260/SOUND4-IMPACT-FIRST-PULSE-Eco-2.x-dns.php-Command-Injection.html
- https://exchange.xforce.ibmcloud.com/vulnerabilities/247922
- https://www.sound4.com/
- https://www.vulncheck.com/advisories/sound-impactfirstpulseeco-x-conditional-command-injection-via-dnsphp
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.