CVSS: 9.0EPSS: 11%CPEs: 1EXPL: 1CVE-2022-37718
https://notcve.org/view.php?id=CVE-2022-37718
23 Jan 2023 — The management portal component of JetNexus/EdgeNexus ADC 4.2.8 was discovered to contain a command injection vulnerability. This vulnerability allows authenticated attackers to execute arbitrary commands through a specially crafted payload. This vulnerability can also be exploited from an unauthenticated context via unspecified vectors • https://www.cryptnetix.com/blog/2022/09/14/Edge-Nexus-Vulnerability-Disclosure.html • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 1CVE-2022-37719
https://notcve.org/view.php?id=CVE-2022-37719
23 Jan 2023 — A Cross-Site Request Forgery (CSRF) in the management portal of JetNexus/EdgeNexus ADC 4.2.8 allows attackers to escalate privileges and execute arbitrary code via unspecified vectors. Una vulnerabilidad de Cross-site REquest Forgery (CSRF) en el portal de administración de JetNexus/EdgeNexus ADC 4.2.8 permite a los atacantes escalar privilegios y ejecutar código arbitrario a través de vectores no especificados. • https://www.cryptnetix.com/blog/2022/09/14/Edge-Nexus-Vulnerability-Disclosure.html • CWE-352: Cross-Site Request Forgery (CSRF) •