CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 0CVE-2022-1356 – Cambium Networks cnMaestro use of Potentially Dangerous Function
https://notcve.org/view.php?id=CVE-2022-1356
cnMaestro is vulnerable to a local privilege escalation. By default, a user does not have root privileges. However, a user can run scripts as sudo, which could allow an attacker to gain root privileges when running user scripts outside allowed commands. cnMaestro es vulnerable a una escalada de privilegios local. Por defecto, un usuario no presenta privilegios de root. Sin embargo, un usuario puede ejecutar scripts como sudo, lo que podría permitir a un atacante alcanzar privilegios de root cuando ejecute scripts de usuario fuera de los comandos permitidos • https://www.cisa.gov/uscert/ics/advisories/icsa-22-132-04 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 9.8EPSS: 0%CPEs: 3EXPL: 0CVE-2022-1357 – Cambium Networks cnMaestro OS Command Injection
https://notcve.org/view.php?id=CVE-2022-1357
The affected On-Premise cnMaestro allows an unauthenticated attacker to access the cnMaestro server and execute arbitrary code in the privileges of the web server. This lack of validation could allow an attacker to append arbitrary data to the logger command. El cnMaestro On-Premise afectado permite a un atacante no autenticado acceder al servidor de cnMaestro y ejecutar código arbitrario con los privilegios del servidor web. Esta falta de comprobación podría permitir a un atacante añadir datos arbitrarios al comando del registrador • https://www.cisa.gov/uscert/ics/advisories/icsa-22-132-04 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •