CVE-2022-39057

{"id": "CVE-2022-39057", "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "twcert@cert.org.tw", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.2, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "HIGH", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 1.2}]}, "published": "2022-10-18T06:15:09.197", "references": [{"url": "https://www.twcert.org.tw/tw/cp-132-6618-11fd8-1.html", "tags": ["Third Party Advisory", "VDB Entry"], "source": "twcert@cert.org.tw"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-78"}, {"lang": "en", "value": "NVD-CWE-Other"}]}, {"type": "Secondary", "source": "twcert@cert.org.tw", "description": [{"lang": "en", "value": "CWE-78"}]}], "descriptions": [{"lang": "en", "value": "RAVA certificate validation system has insufficient filtering for special parameter of the web page input field. A remote attacker with administrator privilege can exploit this vulnerability to perform arbitrary system command and disrupt service."}, {"lang": "es", "value": "El sistema de comprobaci\u00f3n de certificados de RAVA, presenta un filtrado insuficiente de los par\u00e1metros especiales del campo de entrada de la p\u00e1gina web. Un atacante remoto con privilegios de administrador puede explotar esta vulnerabilidad para llevar a cabo un comando arbitrario del sistema e interrumpir el servicio"}], "lastModified": "2023-06-27T18:44:28.473", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:changingtec:rava_certificate_validation_system:3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4585F6B4-D292-4A7E-8E63-7A5C08FF8BC1"}], "operator": "OR"}]}], "sourceIdentifier": "twcert@cert.org.tw"}