Lucene search

[email protected]CVE-2022-4257

HistoryDec 01, 2022 - 3:15 p.m.

CVE-2022-4257

2022-12-0115:15:10

CWE-78

CWE-707

[email protected]

web.nvd.nist.gov

In Wild

vulnerability

c-data

web management system

critical

cve-2022-4257

argument injection

remote attack

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9.7 High

AI Score

Confidence

High

0.003 Low

EPSS

Percentile

70.8%

JSON

A vulnerability was found in C-DATA Web Management System. It has been rated as critical. This issue affects some unknown processing of the file cgi-bin/jumpto.php of the component GET Parameter Handler. The manipulation of the argument hostname leads to argument injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-214631.

Affected configurations

NVD

Node

cdatatecc-data_web_management_systemMatch-

CPENameOperatorVersion
cdatatec:c-data_web_management_systemcdatatec c-data web management systemeq-

CPE	Name	Operator	Version
cdatatec:c-data_web_management_system	cdatatec c-data web management system	eq	-

CNA Affected

[
  {
    "vendor": "C-DATA",
    "product": "Web Management System",
    "versions": [
      {
        "version": "n/a",
        "status": "affected"
      }
    ]
  }
]

References

github.com/siriuswhiter/VulnHub/blob/main/C-Data/rce1.md

vuldb.com/?id.214631

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9.7 High

AI Score

Confidence

High

0.003 Low

EPSS

Percentile

70.8%

JSON

Related for CVE-2022-4257

cvelist1 prion1 nvd1 attackerkb1