History: May 17, 2022 - 8:18 p.m.

CVE-2022-1361 Cambium Networks cnMaestro SQL Injection

2022-05-17 20:18:28
CWE-89
icscert
www.cve.org
cve-2022-1361
cambium networks
cnmaestro
sql injection
pre-auth data exfiltration
improper neutralization
data exfiltration.

CVSS3: 7.4

Attack Vector: NETWORK
Attack Complexity: HIGH
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: NONE

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N

EPSS: 0.001
Percentile: 50.5%

The affected On-Premise cnMaestro is vulnerable to pre-auth data exfiltration through improper neutralization of special elements used in an SQL command. This could allow an attacker to exfiltrate data about other users' accounts and devices.

CNA Affected

[
  {
    "product": "cnMaestro",
    "vendor": "Cambium Networks",
    "versions": [
      {
        "lessThan": "3.0.3-r32",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      },
      {
        "lessThan": "2.4.2-r29",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      },
      {
        "lessThan": "3.0.0-r34",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      }
    ]
  }
]
