CVE-2022-1358

{"id": "CVE-2022-1358", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 5.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 3.9}, {"type": "Secondary", "source": "ics-cert@hq.dhs.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.9, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "NONE", "privilegesRequired": "HIGH", "confidentialityImpact": "HIGH"}, "impactScore": 5.2, "exploitabilityScore": 0.7}]}, "published": "2022-05-17T21:15:07.980", "references": [{"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-132-04", "tags": ["Third Party Advisory", "US Government Resource"], "source": "ics-cert@hq.dhs.gov"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "ics-cert@hq.dhs.gov", "description": [{"lang": "en", "value": "CWE-89"}]}], "descriptions": [{"lang": "en", "value": "The affected On-Premise is vulnerable to data exfiltration through improper neutralization of special elements used in an SQL command. This could allow an attacker to exfiltrate and dump all data held in the cnMaestro database."}, {"lang": "es", "value": "El On-Premise afectado es vulnerable a una exfiltraci\u00f3n de datos mediante la neutralizaci\u00f3n inapropiada de elementos especiales usados en un comando SQL. Esto podr\u00eda permitir a un atacante exfiltrar y volcar todos los datos contenidos en la base de datos de cnMaestro"}], "lastModified": "2022-06-06T17:58:46.257", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:cambiumnetworks:cnmaestro:2.4.2:*:*:*:on_premises:*:*:*", "vulnerable": true, "matchCriteriaId": "93FCE8FD-61FF-4160-9581-C8DD573F5BE0"}, {"criteria": "cpe:2.3:o:cambiumnetworks:cnmaestro:3.0.0:*:*:*:on_premises:*:*:*", "vulnerable": true, "matchCriteriaId": "8E2A97A9-FD28-4592-AB4A-E02E007B6CE3"}, {"criteria": "cpe:2.3:o:cambiumnetworks:cnmaestro:3.0.3:*:*:*:on_premises:*:*:*", "vulnerable": true, "matchCriteriaId": "105A9A7C-BC84-4332-B3A1-525947CFF0D2"}], "operator": "OR"}]}], "sourceIdentifier": "ics-cert@hq.dhs.gov"}