// For flags

CVE-2022-3967

Vesta Control Panel sed main.sh argument injection

Severity Score

7.8
*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

0
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

A vulnerability, which was classified as critical, was found in Vesta Control Panel. Affected is an unknown function of the file func/main.sh of the component sed Handler. The manipulation leads to argument injection. An attack has to be approached locally. The name of the patch is 39561c32c12cabe563de48cc96eccb9e2c655e25. It is recommended to apply a patch to fix this issue. VDB-213546 is the identifier assigned to this vulnerability.

Una vulnerabilidad fue encontrada en Vesta Control Panel y clasificada como crítica. Una función desconocida del archivo func/main.sh del componente sed Handler es afectada por esta vulnerabilidad. La manipulación conduce a la inyección de argumentos. Un ataque debe abordarse localmente. El nombre del parche es 39561c32c12cabe563de48cc96eccb9e2c655e25. Se recomienda aplicar un parche para solucionar este problema. VDB-213546 es el identificador asignado a esta vulnerabilidad.

*Credits: N/A
CVSS Scores
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
Low
Integrity
Low
Availability
Low
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2022-11-13 CVE Reserved
  • 2022-11-13 CVE Published
  • 2024-06-05 EPSS Updated
  • 2024-08-03 CVE Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
  • CWE-707: Improper Neutralization
CAPEC
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Vestacp
Search vendor "Vestacp"
Control Panel
Search vendor "Vestacp" for product "Control Panel"
< 2022-07-18
Search vendor "Vestacp" for product "Control Panel" and version " < 2022-07-18"
-
Affected