Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nvd[email protected]NVD:CVE-2022-36784
HistoryNov 17, 2022 - 11:15 p.m.

CVE-2022-36784

2022-11-1723:15:16
[email protected]
web.nvd.nist.gov
4
elsight
rce
remote code execution
web panel
post request
api
connection validation

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS

0.005

Percentile

75.7%

JSON

Elsight – Elsight Halo  Remote Code Execution (RCE)
Elsight Halo web panel allows us to perform connection validation.
through the POST request :
/api/v1/nics/wifi/wlan0/ping
we can abuse DESTINATION parameter and leverage it to remote code execution.

Affected configurations

Nvd
Node
elsighthaloMatch-
AND
elsighthalo_firmwareMatch-
VendorProductVersionCPE
elsighthalo-cpe:2.3:h:elsight:halo:-:*:*:*:*:*:*:*
elsighthalo_firmware-cpe:2.3:o:elsight:halo_firmware:-:*:*:*:*:*:*:*

Related

prion 1
cve 1
cvelist 1
prion
prion
Remote code execution
2022-11-17 23:15:00
cve
cve
CVE-2022-36784
2022-11-17 23:15:16
cvelist
cvelist
CVE-2022-36784 Elsight – Elsight Halo Remote Code Execution (RCE)
2022-11-17 22:27:54

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS

0.005

Percentile

75.7%

JSON
Related for NVD:CVE-2022-36784
prion1cve1cvelist1