CVE-2022-43325 - OpenCVE

An unauthenticated command injection vulnerability in the product license validation function of Telos Alliance Omnia MPX Node 1.3.* - 1.4.* allows attackers to execute arbitrary commands via a crafted payload injected into the license input.

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

Vendors & Products
CPE Configurations

Vendors	Products
Telosalliance	Omnia Mpx Node Firmware Omnia Mpx Node

Configuration 1 [-]

AND

cpe:2.3:o:telosalliance:omnia_mpx_node_firmware:1.3.37:*:*:*:*:*:*:*

cpe:2.3:h:telosalliance:omnia_mpx_node:-:*:*:*:*:*:*:*

Configuration 2 [-]

AND

cpe:2.3:o:telosalliance:omnia_mpx_node_firmware:1.3.35:*:*:*:*:*:*:*

cpe:2.3:h:telosalliance:omnia_mpx_node:-:*:*:*:*:*:*:*

References

Link	Resource
https://cyber-guy.gitbook.io/cyber-guys-blog/pocs/cve-2022-43325	Exploit Third Party Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2022-12-02T00:00:00

Updated: 2022-12-02T00:00:00

Reserved: 2022-10-17T00:00:00

Link: CVE-2022-43325

JSON object: View

NVD Information

Status : Analyzed

Published: 2022-12-02T02:15:09.137

Modified: 2022-12-05T19:59:08.240

Link: CVE-2022-43325

JSON object: View

Redhat Information

No data.

CWE

CWE-78

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:telosalliance:omnia_mpx_node_firmware:1.3.37:*:*:*:*:*:*:*", "matchCriteriaId": "436344C6-D04F-4317-86A2-725243F87E5F", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:telosalliance:omnia_mpx_node:-:*:*:*:*:*:*:*", "matchCriteriaId": "8ADBE36A-36A9-4F2B-93A5-DBF192B4405A", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:telosalliance:omnia_mpx_node_firmware:1.3.35:*:*:*:*:*:*:*", "matchCriteriaId": "57B06B3E-47B3-4B34-978F-AC08ACF2EE7C", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:telosalliance:omnia_mpx_node:-:*:*:*:*:*:*:*", "matchCriteriaId": "8ADBE36A-36A9-4F2B-93A5-DBF192B4405A", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "An unauthenticated command injection vulnerability in the product license validation function of Telos Alliance Omnia MPX Node 1.3.* - 1.4.* allows attackers to execute arbitrary commands via a crafted payload injected into the license input."}, {"lang": "es", "value": "Una vulnerabilidad de inyecci\u00f3n de comandos no autenticados en la funci\u00f3n de validaci\u00f3n de licencia de producto de Telos Alliance Omnia MPX Node 1.3.* - 1.4.* permite a los atacantes ejecutar comandos arbitrarios a trav\u00e9s de un payload manipulado inyectado en la entrada de la licencia."}], "id": "CVE-2022-43325", "lastModified": "2022-12-05T19:59:08.240", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2022-12-02T02:15:09.137", "references": [{"source": "cve@mitre.org", "tags": ["Exploit", "Third Party Advisory"], "url": "https://cyber-guy.gitbook.io/cyber-guys-blog/pocs/cve-2022-43325"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-78"}], "source": "nvd@nist.gov", "type": "Primary"}]}