CVE-2022-40497
First published: Wed Sep 28 2022(Updated: )
Wazuh v3.6.1 - v3.13.5, v4.0.0 - v4.2.7, and v4.3.0 - v4.3.7 were discovered to contain an authenticated remote code execution (RCE) vulnerability via the Active Response endpoint.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Wazuh Wazuh | >=3.6.1<=3.13.5 | |
| Wazuh Wazuh | >=4.0.0<=4.2.7 | |
| Wazuh Wazuh | >=4.3.0<=4.3.7 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID?
The vulnerability ID is CVE-2022-40497.
What is the severity of CVE-2022-40497?
The severity of CVE-2022-40497 is high. (CVSS score: 8.8)
What is the affected software?
The affected software is Wazuh versions 3.6.1 - 3.13.5, 4.0.0 - 4.2.7, and 4.3.0 - 4.3.7.
What is the vulnerability description of CVE-2022-40497?
CVE-2022-40497 is an authenticated remote code execution (RCE) vulnerability in Wazuh via the Active Response endpoint.
How can I fix CVE-2022-40497?
Update Wazuh to a version that is not affected. Refer to the vendor's website for patches and upgrades.
- collector/nvd-index
- agent/author
- agent/severity
- agent/references
- agent/type
- agent/tags
- agent/event
- agent/description
- agent/remedy
- agent/last-modified-date
- agent/softwarecombine
- agent/first-publish-date
- vendor/wazuh
- canonical/wazuh wazuh
- version/wazuh wazuh/3.6.1
- version/wazuh wazuh/3.13.5
- version/wazuh wazuh/4.0.0
- version/wazuh wazuh/4.2.7
- version/wazuh wazuh/4.3.0
- version/wazuh wazuh/4.3.7