CVE-2022-23858 — Command Center vulnerability

3 documents3 sources

Severity

8.8HIGHNVD

EPSS

0.5%

top 33.53%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Starwindsoftware Command Center

Timeline

PublishedJan 24

Latest updateJan 25

Description

A flaw was found in the REST API. An improperly handled REST API call could allow any logged user to elevate privileges up to the system account. This affects StarWind Command Center build 6003 v2.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages1 packages

▶NVDstarwindsoftware/command_center2

🔴Vulnerability Details

GHSA

GHSA-2gfj-wm5m-4vc3: In StarWind Command Center before V2 build 6021, an authenticated read-only user can elevate privileges to administrator through the REST API↗2022-01-25

▶

CVEList

CVE-2022-23858: A flaw was found in the REST API↗2022-01-24

▶