CVE-2022-42490: OS Command Injection
First published: Thu Jan 26 2023(Updated: )
Several OS command injection vulnerabilities exist in the m2m binary of Siretta QUARTZ-GOLD G5.0.1.5-210720-141020. A specially-crafted network request can lead to arbitrary command execution. An attacker can send a network request to trigger these vulnerabilities.This command injection is reachable through the m2m's DOWNLOAD_CFG_FILE command
Credit: talos-cna@cisco.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Siretta Quartz-gold Firmware | =g5.0.1.5-210720-141020 | |
| Siretta QUARTZ-GOLD |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is the vulnerability ID for these OS command injection vulnerabilities?
The vulnerability ID is CVE-2022-42490.
What is the affected software?
The affected software is Siretta QUARTZ-GOLD G5.0.1.5-210720-141020.
What is the severity of CVE-2022-42490?
The severity of CVE-2022-42490 is critical with a severity value of 9.8.
How can an attacker exploit CVE-2022-42490?
An attacker can exploit CVE-2022-42490 by sending a specially-crafted network request to the m2m binary of Siretta QUARTZ-GOLD G5.0.1.5-210720-141020, which can lead to arbitrary command execution.
Is Siretta QUARTZ-GOLD vulnerable to CVE-2022-42490?
No, Siretta QUARTZ-GOLD is not vulnerable to CVE-2022-42490.
- collector/nvd-index
- agent/weakness
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/references
- agent/author
- agent/severity
- agent/softwarecombine
- agent/tags
- agent/first-publish-date
- agent/event
- agent/description
- vendor/siretta
- canonical/siretta quartz-gold firmware
- version/siretta quartz-gold firmware/g5.0.1.5-210720-141020
- canonical/siretta quartz-gold