Vulnerability Details : CVE-2022-31161
Roxy-WI is a web interface for managing HAProxy, Nginx and Keepalived servers. Prior to version 6.1.1.0, system commands could be run remotely via the subprocess_execute function in the /app/options.py file, because user-supplied input was passed to it without sanitization. Version 6.1.1.0 contains a patch for this issue.
Products affected by CVE-2022-31161
- cpe:2.3:a:roxy-wi:roxy-wi:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2022-31161
- EPSS score: 14.41% (probability of exploitation activity in the next 30 days)
- Percentile: ~94% (proportion of vulnerabilities scored at or below this score)
CVSS scores for CVE-2022-31161
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen
---|---|---|---|---|---|---
9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 3.9 | 5.9 | NIST |
10.0 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:L | 3.9 | 6.0 | GitHub, Inc. |
CWE ids for CVE-2022-31161
- The product constructs all or part of a command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended command when it is sent to a downstream component. (Assigned by: security-advisories@github.com, Primary)
- The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment. (Assigned by: security-advisories@github.com, Primary)
- The product allows the upload or transfer of dangerous file types that are automatically processed within its environment. (Assigned by: nvd@nist.gov, Secondary)
References for CVE-2022-31161
- http://packetstormsecurity.com/files/171652/Roxy-WI-6.1.1.0-Remote-Code-Execution.html (Roxy WI 6.1.1.0 Remote Code Execution, Packet Storm)
- https://github.com/hap-wi/roxy-wi/security/advisories/GHSA-pg3w-8p63-x483 (Unauthenticated Remote Code Execution via ssl_cert Upload, hap-wi/roxy-wi GitHub security advisory; Third Party Advisory)
- https://github.com/hap-wi/roxy-wi/releases/tag/v6.1.1.0 (Release v6.1.1.0, hap-wi/roxy-wi on GitHub; Release Notes, Third Party Advisory)