CVE-2022-32268
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
StarWind SAN and NAS v0.2 build 1914 allow remote code execution. A flaw was found in REST API in StarWind Stack. REST command, which allows changing the hostname, doesn’t check a new hostname parameter. It goes directly to bash as part of a script. An attacker with non-root user access can inject arbitrary data into the command that will be executed with root privileges.
StarWind SAN y NAS v0.2 build 1914 permiten la ejecución remota de código. Se ha encontrado un fallo en la API REST de StarWind Stack. El comando REST, que permite cambiar el nombre de host, no comprueba un nuevo parámetro de nombre de host. Va directamente a bash como parte de un script. Un atacante con acceso de usuario no root puede inyectar datos arbitrarios en el comando que se ejecutará con privilegios de root
CVSS Scores
SSVC
- Decision:-
Timeline
- 2022-06-03 CVE Reserved
- 2022-06-03 CVE Published
- 2024-08-03 CVE Updated
- 2024-11-15 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
CAPEC
References (1)
| URL | Tag | Source |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| https://www.starwindsoftware.com/security/sw-20220531-0001 | 2022-11-16 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Starwindsoftware Search vendor "Starwindsoftware" | Starwind San \& Nas Search vendor "Starwindsoftware" for product "Starwind San \& Nas" | 0.2 Search vendor "Starwindsoftware" for product "Starwind San \& Nas" and version "0.2" | build_1914 |
Affected
| ||||||