CVE-2022-32534 HIGH

CVE-2022-32534: OS Command Injection

Vendor: Bosch
Product: PRA-ES8P2S
Weakness: CWE-20 · Input validation
Published: June 22, 2022
Last update: August 3, 2024

CVSS base score

8.8/10
Attack vector: Network
Attack complexity: Low
Privileges required: Low
User interaction: None
Confidentiality: High
Integrity: High

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

What the vulnerability does

01 Description

The Bosch Ethernet switch PRA-ES8P2S with software version 1.01.05 and earlier was found to be vulnerable to command injection through its diagnostics web interface. This allows execution of shell commands.

Key dates

02 Disclosure timeline

June 22, 2022: CVE published
August 3, 2024: Record updated