Vulnerability Details CVE-2022-24552
A flaw was found in the REST API in StarWind Stack. REST command, which manipulates a virtual disk, doesn’t check input parameters. Some of them go directly to bash as part of a script. An attacker with non-root user access can inject arbitrary data into the command that will be executed with root privileges. This affects StarWind SAN and NAS v0.2 build 1633.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.008
EPSS Ranking 73.4%
CVSS Severity
CVSS v3 Score 9.8
CVSS v2 Score 10.0
References
Products affected by CVE-2022-24552
-
cpe:2.3:a:starwindsoftware:nas:*
-
cpe:2.3:a:starwindsoftware:san:*