Описание
Prima Systems FlexAir, Versions 2.3.38 and prior. The application incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component, which could allow attackers to execute commands directly on the operating system.
Ссылки
- ExploitThird Party AdvisoryVDB Entry
- Third Party Advisory
- Third Party AdvisoryUS Government Resource
- Third Party Advisory
- ExploitThird Party AdvisoryVDB Entry
- Third Party Advisory
- Third Party AdvisoryUS Government Resource
Уязвимые конфигурации
Конфигурация 1Версия до 2.3.38 (включая)
cpe:2.3:a:primasystems:flexair:*:*:*:*:*:*:*:*
EPSS
Процентиль: 96%
0.27173
Средний
7.2 High
CVSS3
9 Critical
CVSS2
Дефекты
CWE-78
Связанные уязвимости
CVSS3: 7.2
github
больше 3 лет назад
Prima Systems FlexAir devices allow Authenticated Command Injection resulting in Root Remote Code Execution.
EPSS
Процентиль: 96%
0.27173
Средний
7.2 High
CVSS3
9 Critical
CVSS2
Дефекты
CWE-78