cbcvebase.
CVE-2022-1362
published 2022-05-17

CVE-2022-1362: The affected On-Premise cnMaestro is vulnerable inside a specific route where a user can upload a crafted package to the system. An attacker could abuse this…

PriorityP341high7.3CVSS 3.1
AVLACLPRLUIRSUCHIHAH
EPSS
0.73%
49.4th percentile
The affected On-Premise cnMaestro is vulnerable inside a specific route where a user can upload a crafted package to the system. An attacker could abuse this user-controlled data to execute arbitrary commands on the server.

Affected

6 ranges
VendorProductVersion rangeFixed in
cambium_networkscnmaestro>= unspecified < 3.0.3-r323.0.3-r32
cambium_networkscnmaestro>= unspecified < 2.4.2-r292.4.2-r29
cambium_networkscnmaestro>= unspecified < 3.0.0-r343.0.0-r34
cambiumnetworkscnmaestro
cambiumnetworkscnmaestro
cambiumnetworkscnmaestro

CVSS provenance

nvdv3.17.3HIGHCVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
nvdv2.09.3CRITICALAV:N/AC:M/Au:N/C:C/I:C/A:C
Stop checking back — get the weekly exploitation signal.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.