CVE-2022-37108 HIGH

Vendor N/A
Product n/a
Published September 7, 2022
Last update August 3, 2024

CVSS base score

8.7/10
Attack vector Network
Attack complexity Low
Privileges required High
User interaction None
Confidentiality None
Integrity High

CVSS vector

CVSS:3.1/AC:L/AV:N/A:H/C:N/I:H/PR:H/S:C/UI:N

What the vulnerability does

01 Description

An injection vulnerability in the syslog-ng configuration wizard in Securonix Snypr 6.4 allows an application user with the "Manage Ingesters" permission to execute arbitrary code on remote ingesters by appending arbitrary text to text files that are executed by the system, such as users' crontab files. The patch for this was present in SNYPR version 6.4 Jun 2022 R3_[06170871], but may have been introduced sooner.

Key dates

02 Disclosure timeline

September 7, 2022 CVE published
August 3, 2024 Record updated