CVE-2022-1356 HIGH

CVE-2022-1356: Cambium Networks cnMaestro use of Potentially Dangerous Function

Vendor Cambium Networks

Product cnMaestro

Weakness CWE-78

Published May 17, 2022

Last update April 16, 2025

View on NVD All CVEs

CVSS base score

7.1/10

Attack vector Local

Attack complexity Low

Privileges required Low

User interaction None

Confidentiality None

Integrity High

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H

What the vulnerability does

01Description

cnMaestro is vulnerable to a local privilege escalation. By default, a user does not have root privileges. However, a user can run scripts as sudo, which could allow an attacker to gain root privileges when running user scripts outside allowed commands.

Key dates

02Disclosure timeline

May 17, 2022 CVE published

April 16, 2025 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2022-1356 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/78.html

Related vulnerabilities

Identifiers

CVE CVE-2022-1356

CWE CWE-78

CVSS 7.1 / HIGH

Affected versions

Vendor Cambium Networks

Product cnMaestro

Affected ≥ unspecified and < 3.0.3-r32

Vendor Cambium Networks

Product cnMaestro

Affected ≥ unspecified and < 2.4.2-r29

Vendor Cambium Networks

Product cnMaestro

Affected ≥ unspecified and < 3.0.0-r34

CVE-2022-1356: Cambium Networks cnMaestro use of Potentially Dangerous Function

01Description

02Disclosure timeline

03References

04Related CVE