CVE-2022-27224

{"id": "CVE-2022-27224", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 9.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", "authentication": "SINGLE", "integrityImpact": "COMPLETE", "accessComplexity": "LOW", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "acInsufInfo": false, "impactScore": 10.0, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 8.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.2, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "HIGH", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 1.2}]}, "published": "2022-05-09T15:15:07.940", "references": [{"url": "https://gist.github.com/somerandomdudeonetheinternet/2caeb201e249160fa82204ef640c8cdf", "tags": ["Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://www.galsys.co.uk/support/software-download.html", "tags": ["Product", "Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "https://www.pentestpartners.com/security-blog/galleon-nts-6002-gps-command-injection-vulnerability-cve-2022-27224/", "tags": ["Exploit", "Third Party Advisory"], "source": "cve@mitre.org"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-78"}]}], "descriptions": [{"lang": "en", "value": "An issue was discovered in Galleon NTS-6002-GPS 4.14.103-Galleon-NTS-6002.V12 4. An authenticated attacker can perform command injection as root via shell metacharacters within the Network Tools section of the web-management interface. All three networking tools are affected (Ping, Traceroute, and DNS Lookup) and their respective input fields (ping_address, trace_address, nslookup_address)."}, {"lang": "es", "value": "Se ha detectado un problema en Galleon NTS-6002-GPS versi\u00f3n 4.14.103-Galleon-NTS-6002.V12 4. Un atacante autenticado puede llevar a cabo la inyecci\u00f3n de comandos como root por medio de metacaracteres de shell dentro de la secci\u00f3n de herramientas de red de la interfaz de administraci\u00f3n web. Las tres herramientas de red est\u00e1n afectadas (Ping, Traceroute y DNS Lookup) y sus respectivos campos de entrada (ping_address, trace_address, nslookup_address)"}], "lastModified": "2022-10-12T02:44:57.037", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:galsys:nts-6002-gps_firmware:4.14.103-galleon-nts-6002.v12_4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "DAA15FCD-0FD1-4854-B3D4-29B5A67817C4"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:galsys:nts-6002-gps:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "97C00DBF-D33C-4690-871C-0B0537319E46"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "cve@mitre.org"}