Описание
For u-link Management API an unauthenticated remote attacker in a man-in-the-middle position can inject arbitrary commands in responses returned by WWH servers, which are then executed with elevated privileges. To get into such a position, clients would need to use insecure proxy configurations.
EPSS
Процентиль: 31%
0.00118
Низкий
9.8 Critical
CVSS3
Дефекты
CWE-78
Связанные уязвимости
CVSS3: 8.1
github
8 месяцев назад
An unauthenticated remote attacker in a man-in-the-middle position can inject arbitrary commands in responses returned by WWH servers and gain arbitrary command execution with elevated privileges.
EPSS
Процентиль: 31%
0.00118
Низкий
9.8 Critical
CVSS3
Дефекты
CWE-78