CVE-2022-32665

In Boa, there is a possible command injection due to improper input validation. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: A20220026; Issue ID: OSBNB00144124.

CVSS v3 9.8 CRITICAL

9.8^/10

CVSS v3 : CRITICAL

Vector :

Exploitability : 3.9 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://corp.mediatek.com/product-security-bulletin/January-2023	Vendor Advisory

Configurations

Configuration 1 (hide)

AND

cpe:2.3:a:mediatek:linkit_software_development_kit:*:*:*:*:*:*:*:*

cpe:2.3:h:mediatek:en7528:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND

cpe:2.3:a:mediatek:linkit_software_development_kit:*:*:*:*:*:*:*:*

cpe:2.3:h:mediatek:en7580:-:*:*:*:*:*:*:*

History

No history.

Information

Published : 2023-01-03 21:15

Updated : 2024-02-28 19:51

NVD link : CVE-2022-32665

Mitre link : CVE-2022-32665

CVE.ORG link : CVE-2022-32665

JSON object : View

Products Affected

mediatek

en7528
en7580
linkit_software_development_kit

CWE

CWE-77

Improper Neutralization of Special Elements used in a Command ('Command Injection')

{"id": "CVE-2022-32665", "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 3.9}]}, "published": "2023-01-03T21:15:12.700", "references": [{"url": "https://corp.mediatek.com/product-security-bulletin/January-2023", "tags": ["Vendor Advisory"], "source": "security@mediatek.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-77"}]}], "descriptions": [{"lang": "en", "value": "In Boa, there is a possible command injection due to improper input validation. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: A20220026; Issue ID: OSBNB00144124."}, {"lang": "es", "value": "En Boa, existe una posible inyecci\u00f3n de comando debido a una validaci\u00f3n de entrada incorrecta. Esto podr\u00eda conducir a una escalada remota de privilegios sin necesidad de privilegios de ejecuci\u00f3n adicionales. La interacci\u00f3n del usuario no es necesaria para la explotaci\u00f3n. ID de parche: A20220026; ID del problema: OSBNB00144124."}], "lastModified": "2023-01-10T18:06:56.937", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:mediatek:linkit_software_development_kit:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2ED17B72-EC4D-46FC-8816-D5FF2A9675C7", "versionEndExcluding": "tlb7.3.258.100-p1-1555"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:mediatek:en7528:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "CD990C82-4C61-479B-A49F-11A3C0812AC5"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:mediatek:linkit_software_development_kit:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2ED17B72-EC4D-46FC-8816-D5FF2A9675C7", "versionEndExcluding": "tlb7.3.258.100-p1-1555"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:mediatek:en7580:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "061DBB68-80AF-4016-AAE0-EE9DFDFB341B"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "security@mediatek.com"}