CVE-2022-37718

The management portal component of JetNexus/EdgeNexus ADC 4.2.8 was discovered to contain a command injection vulnerability. This vulnerability allows authenticated attackers to execute arbitrary commands through a specially crafted payload. This vulnerability can also be exploited from an unauthenticated context via unspecified vectors
OS Command Injection
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
8.8 HIGH
NETWORK
LOW
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
mitreCNA
---
---
CVEADP
---
---
CISA-ADPADP
8.8 HIGH
NETWORK
LOW
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 86%
VendorProductVersion
edgenexusapplication_delivery_controller
4.2.8
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://www.cryptnetix.com/blog/2022/09/14/Edge-Nexus-Vulnerability-Disclosure.html
https://www.edgenexus.io/products/load-balancer/
https://www.cryptnetix.com/blog/2022/09/14/Edge-Nexus-Vulnerability-Disclosure.html
https://www.edgenexus.io/products/load-balancer/