Vulnerability Details CVE-2022-1359
The affected On-Premise cnMaestro is vulnerable to an arbitrary file-write through improper limitation of a pathname to a restricted directory inside a specific route. If an attacker supplied path traversal charters (../) as part of a filename, the server will save the file where the attacker chooses. This could allow an attacker to write any data to any file in the server.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.003
EPSS Ranking 50.9%
CVSS Severity
CVSS v3 Score 5.7
CVSS v2 Score 5.0
References
Products affected by CVE-2022-1359
-
cpe:2.3:o:cambiumnetworks:cnmaestro:2.4.2
-
cpe:2.3:o:cambiumnetworks:cnmaestro:3.0.0
-
cpe:2.3:o:cambiumnetworks:cnmaestro:3.0.3