CVE-2022-42457

High

9.1/10

Summary

Generex CS141 through 2.10 allows remote command execution by administrators via a web interface that reaches run_update in /usr/bin/gxserve-update.sh (e.g., command execution can occur via a reverse shell installed by install.sh).

Attack Complexity: LOW
Attack Vector: NETWORK
Integrity Impact: HIGH
Scope: CHANGED
User Interaction: NONE
Privileges Required: HIGH
Confidentiality Impact: HIGH
Availability Impact: HIGH

References

Advisory Timeline

Published Oct 06, 2022

CVE-2022-42457

Summary

References

Advisory Timeline

ChainJacking

JetBrains IDE

KICS SaaS