CVE-2022-27903

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2022-27903
An OS Command Injection vulnerability in the configuration parser of Eve-NG Professional through 4.0.1-65 and Eve-NG Community through 2.0.3-112 allows a remote authenticated attacker to execute commands as root by editing virtualization command parameters of imported UNL files.

8.8 /10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 2.8 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

9.0 /10

CVSS v2.0 : HIGH

V2 Legend

Vector : AV:N/AC:L/Au:S/C:C/I:C/A:C

Exploitability : 8.0 / Impact : 10.0

Access Vector NETWORK

Access Complexity LOW

Authentication SINGLE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References
Link Resource
https://www.eve-ng.net/ Vendor Advisory
https://www.eve-ng.net/index.php/documentation/release-notes/ Release Notes Vendor Advisory
https://www.eve-ng.net/ Vendor Advisory
https://www.eve-ng.net/index.php/documentation/release-notes/ Release Notes Vendor Advisory
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:eve-ng:eve-ng:*:*:*:*:community:*:*:*
cpe:2.3:a:eve-ng:eve-ng:*:*:*:*:professional:*:*:*
History

21 Nov 2024, 06:56

Type Values Removed Values Added
References () https://www.eve-ng.net/ - Vendor Advisory () https://www.eve-ng.net/ - Vendor Advisory
References () https://www.eve-ng.net/index.php/documentation/release-notes/ - Release Notes, Vendor Advisory () https://www.eve-ng.net/index.php/documentation/release-notes/ - Release Notes, Vendor Advisory

11 May 2022, 19:07

Type Values Removed Values Added
CWE CWE-78
CVSS v2 : unknown
v3 : unknown 		v2 : 9.0
v3 : 8.8
References (MISC) https://www.eve-ng.net/ - (MISC) https://www.eve-ng.net/ - Vendor Advisory
References (MISC) https://www.eve-ng.net/index.php/documentation/release-notes/ - (MISC) https://www.eve-ng.net/index.php/documentation/release-notes/ - Release Notes, Vendor Advisory
CPE cpe:2.3:a:eve-ng:eve-ng:*:*:*:*:community:*:*:*
cpe:2.3:a:eve-ng:eve-ng:*:*:*:*:professional:*:*:*

04 May 2022, 15:35

Type Values Removed Values Added
New CVE
Information

Published : 2022-05-04 14:15

Updated : 2024-11-21 06:56

NVD link : CVE-2022-27903

Mitre link : CVE-2022-27903

CVE.ORG link : CVE-2022-27903

JSON object : View

Products Affected

eve-ng

  • eve-ng
CWE
CWE-78

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')