CVE-2022-1648
Published 2022-07-26
Priority: P342 · high · 7.2 (CVSS 3.1)
CVSS vector: AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
EPSS: 1.05% (59.9th percentile)
Pandora FMS v7.0NG.760 and below allows a relative path traversal in File Manager, where a privileged user could upload a .php file outside the intended images directory, which is restricted from executing .php files. This could lead to remote code execution with the privileges of the running application.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| artica_pfms | pandora_fms | v760 – v760 | — |
| pandorafms | pandora_fms | <= 7.0_ng_760 | — |
No detection rules found.
No public exploits indexed.
Talos
Vulnerability Spotlight: Callback Technologies CBFS Filter denial-of-service vulnerabilities
blogs_talos · 2022-11-22 · CVSS 5.5 [MEDIUM]
Cisco Talos recently discovered three denial-of-service vulnerabilities in Callback Technologies CBFS Filter.
Callback Technologies has a CBFS file storage solution for use in customizing data persistence on devices. To accompany this, their CBFS Filter manages this file storage solution, allowing users to create filter and access rules, modify and encrypt data, etc.
Talos has identified three null pointer dereference vulnerabilities in CBFS Filter:
TALOS-2022-1647 (CVE-2022-43588)
TALOS-2022-1648 (CVE-2022-43589)
TALOS-2022-1649 (CVE-2022-43590)
A specially crafted I/O request packet (IRP) can lead to denial of service. An attacker can issue an ioctl to trigger these vulnerabilities.
Cisco Talos worked with Callback Technologies to ensure that these issues were resolved and an upda