// For flags

CVE-2022-30284

 

Severity Score

9.8
*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

2
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

Attend
*SSVC
Descriptions

In the python-libnmap package through 0.7.2 for Python, remote command execution can occur (if used in a client application that does not validate arguments). NOTE: the vendor believes it would be unrealistic for an application to call NmapProcess with arguments taken from input data that arrived over an untrusted network, and thus the CVSS score corresponds to an unrealistic use case. None of the NmapProcess documentation implies that this is an expected use case

** EN DISPUTA ** En el paquete python-libnmap versiones hasta0.7.2 para Python, puede producirse una ejecución de un comando remoto (si es usado en una aplicación cliente que no comprueba los argumentos). NOTA: el proveedor cree que no sería realista que una aplicación llamara a NmapProcess con argumentos tomados de datos de entrada que llegaron a través de una red no confiable, y por lo tanto la puntuación CVSS corresponde a un caso de uso no realista. Ninguna documentación de NmapProcess implica que este sea un caso de uso esperado

*Credits: N/A
CVSS Scores
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High
Attack Vector
Network
Attack Complexity
High
Privileges Required
None
User Interaction
None
Scope
Changed
Confidentiality
High
Integrity
High
Availability
High
Attack Vector
Network
Attack Complexity
High
Privileges Required
None
User Interaction
None
Scope
Changed
Confidentiality
High
Integrity
High
Availability
High
Attack Vector
Network
Attack Complexity
Low
Authentication
None
Confidentiality
Partial
Integrity
Partial
Availability
Partial
* Common Vulnerability Scoring System
SSVC
  • Decision:Attend
Exploitation
Poc
Automatable
Yes
Tech. Impact
Total
* Organization's Worst-case Scenario
Timeline
  • 2022-05-04 CVE Reserved
  • 2022-05-04 CVE Published
  • 2024-05-30 EPSS Updated
  • 2024-08-03 CVE Updated
  • 2024-08-03 First Exploit
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
CWE
  • CWE-88: Improper Neutralization of Argument Delimiters in a Command ('Argument Injection')
CAPEC
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Python-libnmap Project
Search vendor "Python-libnmap Project"
Python-libnmap
Search vendor "Python-libnmap Project" for product "Python-libnmap"
<= 0.7.2
Search vendor "Python-libnmap Project" for product "Python-libnmap" and version " <= 0.7.2"
python
Affected