CVE-2022-23992

XCOM Data Transport for Windows, Linux, and UNIX 11.6 releases contain a vulnerability due to insufficient input validation that could potentially allow remote attackers to execute arbitrary commands with elevated privileges.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
9.8 CRITICAL
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
caCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 81%
VendorProductVersion
broadcomxcom_data_transport
11.6
broadcomxcom_data_transport
11.6
broadcomxcom_data_transport
11.6
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/XCOM-Data-Transport---Windows-and-XCOM-Data-Transport--Linux--UNIX-Vulnerability-CVE-2022-23992/18750
https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/XCOM-Data-Transport---Windows-and-XCOM-Data-Transport--Linux--UNIX-Vulnerability-CVE-2022-23992/18750