CVE-2022-40628
Remote Code Execution Vulnerability in Tacitine Firewall
Public Exploits: 0
Descriptions
This vulnerability exists in Tacitine Firewall, in all versions of EN6200-PRIME QUAD-35 and EN6200-PRIME QUAD-100 from 19.1.1 to 22.20.1 (inclusive), due to improper control of code generation in the Tacitine Firewall web-based management interface. An unauthenticated remote attacker could exploit this vulnerability by sending a specially crafted HTTP request to the targeted device. Successful exploitation could allow the attacker to execute arbitrary commands on the targeted device.
Timeline
- 2022-09-13 CVE Reserved
- 2022-09-23 CVE Published
- 2024-09-05 EPSS Updated
- 2024-09-17 CVE Updated
CWE
- CWE-94: Improper Control of Generation of Code ('Code Injection')
References (2)
URL | Tag | Source |
---|---|---|
https://www.cert-in.org.in/s2cMainServlet?pageid=PUBVLNOTES01&VLCODE=CIVN-2022-0363 | Third Party Advisory |
URL | Date | SRC |
---|---|---|
https://tacitine.com/newdownload/CVE-2022-40628.pdf | 2022-09-26 |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status |
---|---|---|---|---|
Tacitine | En6200-prime Quad-35 Firmware | >= 19.1.1 < 22.21.2 | - | Affected |
in Tacitine | En6200-prime Quad-35 | - | - | Safe |
Tacitine | En6200-prime Quad-100 Firmware | >= 19.1.1 < 22.21.2 | - | Affected |
in Tacitine | En6200-prime Quad-100 | - | - | Safe |