{"dataType": "CVE_RECORD", "dataVersion": "5.0", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2022-39057", "assignerOrgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e", "assignerShortName": "twcert", "datePublished": "2022-10-18T00:00:00", "dateUpdated": "2022-10-18T00:00:00", "dateReserved": "2022-08-31T00:00:00"}, "containers": {"cna": {"title": "Changing Information Technology Inc. RAVA certificate validation system - Command Injection", "datePublic": "2022-10-18T00:00:00", "providerMetadata": {"orgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e", "shortName": "twcert", "dateUpdated": "2022-10-18T00:00:00"}, "descriptions": [{"lang": "en", "value": "RAVA certificate validation system has insufficient filtering for special parameter of the web page input field. A remote attacker with administrator privilege can exploit this vulnerability to perform arbitrary system command and disrupt service."}], "affected": [{"vendor": "Changing Information Technology Inc.", "product": "RAVA certificate validation system", "versions": [{"version": "3", "status": "affected"}]}], "references": [{"url": "https://www.twcert.org.tw/tw/cp-132-6618-11fd8-1.html"}], "metrics": [{"cvssV3_1": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "HIGH", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH", "baseScore": 7.2, "baseSeverity": "HIGH"}}], "problemTypes": [{"descriptions": [{"type": "CWE", "lang": "en", "description": "CWE-78 OS Command Injection", "cweId": "CWE-78"}]}], "x_generator": {"engine": "Vulnogram 0.0.9"}, "source": {"advisory": "TVN-202209013", "discovery": "EXTERNAL"}, "solutions": [{"lang": "en", "value": "Contact tech support from Changing Information Technology Inc."}]}}}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:changingtec:rava_certificate_validation_system:3:*:*:*:*:*:*:*", "matchCriteriaId": "4585F6B4-D292-4A7E-8E63-7A5C08FF8BC1", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "RAVA certificate validation system has insufficient filtering for special parameter of the web page input field. A remote attacker with administrator privilege can exploit this vulnerability to perform arbitrary system command and disrupt service."}, {"lang": "es", "value": "El sistema de comprobaci\u00f3n de certificados de RAVA, presenta un filtrado insuficiente de los par\u00e1metros especiales del campo de entrada de la p\u00e1gina web. Un atacante remoto con privilegios de administrador puede explotar esta vulnerabilidad para llevar a cabo un comando arbitrario del sistema e interrumpir el servicio"}], "id": "CVE-2022-39057", "lastModified": "2023-06-27T18:44:28.473", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.2, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.2, "impactScore": 5.9, "source": "twcert@cert.org.tw", "type": "Primary"}]}, "published": "2022-10-18T06:15:09.197", "references": [{"source": "twcert@cert.org.tw", "tags": ["Third Party Advisory", "VDB Entry"], "url": "https://www.twcert.org.tw/tw/cp-132-6618-11fd8-1.html"}], "sourceIdentifier": "twcert@cert.org.tw", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-78"}, {"lang": "en", "value": "NVD-CWE-Other"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-78"}], "source": "twcert@cert.org.tw", "type": "Secondary"}]}

{}