CVE-2022-1359
published 2022-05-17CVE-2022-1359: The affected On-Premise cnMaestro is vulnerable to an arbitrary file-write through improper limitation of a pathname to a restricted directory inside a…
PriorityP351high7.5CVSS 3.1
AVNACLPRNUINSUCNIHAN
EPSS
0.88%
54.4th percentile
The affected On-Premise cnMaestro is vulnerable to an arbitrary file-write through improper limitation of a pathname to a restricted directory inside a specific route. If an attacker supplied path traversal charters (../) as part of a filename, the server will save the file where the attacker chooses. This could allow an attacker to write any data to any file in the server.
Affected
6 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| cambium_networks | cnmaestro | >= unspecified < 3.0.3-r32 | 3.0.3-r32 |
| cambium_networks | cnmaestro | >= unspecified < 2.4.2-r29 | 2.4.2-r29 |
| cambium_networks | cnmaestro | >= unspecified < 3.0.0-r34 | 3.0.0-r34 |
| cambiumnetworks | cnmaestro | — | — |
| cambiumnetworks | cnmaestro | — | — |
| cambiumnetworks | cnmaestro | — | — |
CVSS provenance
nvdv3.17.5HIGHCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
nvdv2.05.0MEDIUMAV:N/AC:L/Au:N/C:N/I:P/A:N
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-qpf9-w85c-45gv: The affected On-Premise cnMaestro is vulnerable to an arbitrary file-write through improper limitation of a pathname to a restricted directory inside
ghsa_unreviewed·2022-05-18
CVE-2022-1359 [HIGH] CWE-22 GHSA-qpf9-w85c-45gv: The affected On-Premise cnMaestro is vulnerable to an arbitrary file-write through improper limitation of a pathname to a restricted directory inside
The affected On-Premise cnMaestro is vulnerable to an arbitrary file-write through improper limitation of a pathname to a restricted directory inside a specific route. If an attacker supplied path traversal charters (../) as part of a filename, the server will save the file where the attacker chooses. This could allow an attacker to write any data to any file in the server.
CISA ICS
Cambium Networks cnMaestro
cisa_ics·2022-05-12·CVSS 9.8
[CRITICAL] Cambium Networks cnMaestro
## Archived Content In an effort to keep CISA.gov current, the archive contains outdated information that may not reflect current policy or programs.
ICS Advisory
##
Cambium Networks cnMaestro
Last RevisedMay 12, 2022
Alert CodeICSA-22-132-04
## 1. EXECUTIVE SUMMARY
- CVSS v3 9.8
- ATTENTION: Exploitable remotely/low attack complexity
- Vendor: Cambium Networks
- Equipment: cnMaestro
- Vulnerabilities: OS Command Injection, SQL Injection, Path Traversal, Use of Potentially Dangerous Function
## 2. RISK EVALUATION
Successful exploitation of these vulnerabilities could allow an attacker to gain remote code execution, sensitive data exfiltration, and complete takeover of the main multi-tenant cloud infrastructure.
## 3. TECHNICAL DETAILS
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
2022-05-17
Published