9.8
CVE-2022-40628
- EPSS 4.94%
- Veröffentlicht 23.09.2022 16:15:11
- Zuletzt bearbeitet 21.11.2024 07:21:44
- Quelle vdisclose@cert-in.org.in
- CVE-Watchlists
- Unerledigt
LoginThis vulnerability exists in Tacitine Firewall, all versions of EN6200-PRIME QUAD-35 and EN6200-PRIME QUAD-100 between 19.1.1 to 22.20.1 (inclusive), due to improper control of code generation in the Tacitine Firewall web-based management interface. An unauthenticated remote attacker could exploit this vulnerability by sending a specially crafted http request on the targeted device. Successful exploitation of this vulnerability could allow an unauthenticated remote attacker to execute arbitrary commands on the targeted device.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Tacitine ≫ En6200-prime Quad-35 Firmware Version >= 19.1.1 < 22.21.2
Tacitine ≫ En6200-prime Quad-100 Firmware Version >= 19.1.1 < 22.21.2
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 4.94% | 0.892 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 9.8 | 3.9 | 5.9 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
|
| vdisclose@cert-in.org.in | 9.8 | 3.9 | 5.9 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
|
CWE-94 Improper Control of Generation of Code ('Code Injection')
The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.