CVE-2022-37718

EUVD-2022-40332
The management portal component of JetNexus/EdgeNexus ADC 4.2.8 was discovered to contain a command injection vulnerability. This vulnerability allows authenticated attackers to execute arbitrary commands through a specially crafted payload. This vulnerability can also be exploited from an unauthenticated context via unspecified vectors
OS Command Injection
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
8.8 HIGH
NETWORK
LOW
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CISA-ADPADP
8.8 HIGH
NETWORK
LOW
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 90%
Affected Products (NVD)
VendorProductVersion
edgenexusapplication_delivery_controller
4.2.8
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://www.cryptnetix.com/blog/2022/09/14/Edge-Nexus-Vulnerability-Disclosure.html
https://www.edgenexus.io/products/load-balancer/
https://www.cryptnetix.com/blog/2022/09/14/Edge-Nexus-Vulnerability-Disclosure.html
https://www.edgenexus.io/products/load-balancer/