Vulnerability Details : CVE-2022-44794
An issue was discovered in Object First Ootbi BETA build 1.0.7.712. Management protocol has a flow which allows a remote attacker to execute arbitrary Bash code with root privileges. The command that sets the hostname doesn't validate input parameters. As a result, arbitrary data goes directly to the Bash interpreter. An attacker would need credentials to exploit this vulnerability. This is fixed in Object First Ootbi BETA build 1.0.13.1611.
Products affected by CVE-2022-44794
- cpe:2.3:a:objectfirst:object_first:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2022-44794
0.22%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 60 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2022-44794
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
8.8
|
HIGH | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
2.8
|
5.9
|
NIST |
References for CVE-2022-44794
-
https://objectfirst.com/security/of-20221024-0001/
Remote code execution vulnerability in Object First - Object FirstVendor Advisory
Jump to