CVE-2022-25619

Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in ping tool of Profelis IT Consultancy SambaBox allows AUTHENTICATED user to cause run arbitrary code. This issue affects: Profelis IT Consultancy SambaBox 4.0 version 4.0 and prior versions on x86.

CVSS v3 3.8 LOW
CVSS v2.0 4.6 MEDIUM

3.8^/10

CVSS v3 : LOW

Vector :

Exploitability : 0.3 / Impact : 3.4

Attack Vector LOCAL

Attack Complexity HIGH

Privileges Required HIGH

User Interaction REQUIRED

Confidentiality Impact LOW

Integrity Impact LOW

Availability Impact LOW

Scope UNCHANGED

4.6^/10

CVSS v2.0 : MEDIUM

Vector : AV:L/AC:L/Au:N/C:P/I:P/A:P

Exploitability : 3.9 / Impact : 6.4

Access Vector LOCAL

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
https://www.sambabox.io/sambabox-surum-4-0/	Release Notes Vendor Advisory
https://www.sambabox.io/sambabox-surum-4-0/	Release Notes Vendor Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:profelis:sambabox:*:*:*:*:*:*:x86:*

History

21 Nov 2024, 06:52

Type	Values Removed	Values Added
CVSS	v2 : ~~4.6~~ v3 : ~~6.7~~	v2 : 4.6 v3 : 3.8
References	~~() https://www.sambabox.io/sambabox-surum-4-0/ - Release Notes, Vendor Advisory~~	() https://www.sambabox.io/sambabox-surum-4-0/ - Release Notes, Vendor Advisory

Information

Published : 2022-03-30 15:15

Updated : 2024-11-21 06:52

NVD link : CVE-2022-25619

Mitre link : CVE-2022-25619

CVE.ORG link : CVE-2022-25619

JSON object : View

Products Affected

profelis

sambabox

CWE

CWE-77

Improper Neutralization of Special Elements used in a Command ('Command Injection')

{"id": "CVE-2022-25619", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 4.6, "accessVector": "LOCAL", "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 3.9, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Secondary", "source": "cve@profelis.com.tr", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 3.8, "attackVector": "LOCAL", "baseSeverity": "LOW", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:L/I:L/A:L", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "HIGH", "availabilityImpact": "LOW", "privilegesRequired": "HIGH", "confidentialityImpact": "LOW"}, "impactScore": 3.4, "exploitabilityScore": 0.3}, {"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.7, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "HIGH", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 0.8}]}, "published": "2022-03-30T15:15:08.260", "references": [{"url": "https://www.sambabox.io/sambabox-surum-4-0/", "tags": ["Release Notes", "Vendor Advisory"], "source": "cve@profelis.com.tr"}, {"url": "https://www.sambabox.io/sambabox-surum-4-0/", "tags": ["Release Notes", "Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Secondary", "source": "cve@profelis.com.tr", "description": [{"lang": "en", "value": "CWE-77"}]}, {"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-77"}]}], "descriptions": [{"lang": "en", "value": "Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in ping tool of Profelis IT Consultancy SambaBox allows AUTHENTICATED user to cause run arbitrary code. This issue affects: Profelis IT Consultancy SambaBox 4.0 version 4.0 and prior versions on x86."}, {"lang": "es", "value": "Neutralizaci\u00f3n inadecuada de los elementos especiales utilizados en un comando ('Command Injection') vulnerabilidad en la herramienta ping de Profelis IT Consultancy SambaBox permite al usuario AUTENTICADO provocar la ejecuci\u00f3n de c\u00f3digo arbitrario. Este problema afecta: Profelis IT Consultancy SambaBox 4.0 versi\u00f3n 4.0 y versiones anteriores en x86"}], "lastModified": "2024-11-21T06:52:27.337", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:profelis:sambabox:*:*:*:*:*:*:x86:*", "vulnerable": true, "matchCriteriaId": "72B249F6-F5DA-4809-AF06-D5071D3A04D3", "versionEndIncluding": "4.0"}], "operator": "OR"}]}], "sourceIdentifier": "cve@profelis.com.tr"}