CVE-2022-24552
 
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
A flaw was found in the REST API in StarWind Stack. REST command, which manipulates a virtual disk, doesn’t check input parameters. Some of them go directly to bash as part of a script. An attacker with non-root user access can inject arbitrary data into the command that will be executed with root privileges. This affects StarWind SAN and NAS v0.2 build 1633.
Se ha encontrado un fallo en la API REST de StarWind Stack. El comando REST, que manipula un disco virtual, no comprueba los parámetros de entrada. Algunos de ellos van directamente a bash como parte de un script. Un atacante con acceso de usuario no root puede inyectar datos arbitrarios en el comando que se ejecutará con privilegios de root. Esto afecta a StarWind SAN y NAS v0.2 build 1633
CVSS Scores
SSVC
- Decision:-
Timeline
- 2022-02-06 CVE Reserved
- 2022-02-06 CVE Published
- 2024-08-03 CVE Updated
- 2024-10-22 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CAPEC
References (1)
URL | Tag | Source |
---|
URL | Date | SRC |
---|
URL | Date | SRC |
---|
URL | Date | SRC |
---|---|---|
https://www.starwindsoftware.com/security/sw-20220203-0001 | 2023-08-08 |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Starwindsoftware Search vendor "Starwindsoftware" | Nas Search vendor "Starwindsoftware" for product "Nas" | < 0.2 Search vendor "Starwindsoftware" for product "Nas" and version " < 0.2" | - |
Affected
| ||||||
Starwindsoftware Search vendor "Starwindsoftware" | San Search vendor "Starwindsoftware" for product "San" | < 0.2 Search vendor "Starwindsoftware" for product "San" and version " < 0.2" | - |
Affected
|