Cnmaestro

cnmaestro

CVEs (7)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2022-1362 1Cambiumnetworks 1Cnmaestro Nov 21, 2024 May 17, 2022 N/A· v4 7.3 HIGH· v3 9.3 HIGH· v2 The affected On-Premise cnMaestro is vulnerable inside a specific route where a user can upload a crafted package to the system. An attacker could abuse this user-controlled data to execute arbitrary commands on the serv...Show more The affected On-Premise cnMaestro is vulnerable inside a specific route where a user can upload a crafted package to the system. An attacker could abuse this user-controlled data to execute arbitrary commands on the server.Show less
CVE-2022-1361 1Cambiumnetworks 1Cnmaestro Nov 21, 2024 May 17, 2022 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 The affected On-Premise cnMaestro is vulnerable to a pre-auth data exfiltration through improper neutralization of special elements used in an SQL command. This could allow an attacker to exfiltrate data about other user...Show more The affected On-Premise cnMaestro is vulnerable to a pre-auth data exfiltration through improper neutralization of special elements used in an SQL command. This could allow an attacker to exfiltrate data about other user’s accounts and devices.Show less
CVE-2022-1360 1Cambiumnetworks 1Cnmaestro Nov 21, 2024 May 17, 2022 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 The affected On-Premise cnMaestro is vulnerable to execution of code on the cnMaestro hosting server. This could allow a remote attacker to change server configuration settings.
CVE-2022-1359 1Cambiumnetworks 1Cnmaestro Nov 21, 2024 May 17, 2022 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 The affected On-Premise cnMaestro is vulnerable to an arbitrary file-write through improper limitation of a pathname to a restricted directory inside a specific route. If an attacker supplied path traversal charters (../...Show more The affected On-Premise cnMaestro is vulnerable to an arbitrary file-write through improper limitation of a pathname to a restricted directory inside a specific route. If an attacker supplied path traversal charters (../) as part of a filename, the server will save the file where the attacker chooses. This could allow an attacker to write any data to any file in the server.Show less
CVE-2022-1358 1Cambiumnetworks 1Cnmaestro Nov 21, 2024 May 17, 2022 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 The affected On-Premise is vulnerable to data exfiltration through improper neutralization of special elements used in an SQL command. This could allow an attacker to exfiltrate and dump all data held in the cnMaestro da...Show more The affected On-Premise is vulnerable to data exfiltration through improper neutralization of special elements used in an SQL command. This could allow an attacker to exfiltrate and dump all data held in the cnMaestro database.Show less
CVE-2022-1357 1Cambiumnetworks 1Cnmaestro Nov 21, 2024 May 17, 2022 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 The affected On-Premise cnMaestro allows an unauthenticated attacker to access the cnMaestro server and execute arbitrary code in the privileges of the web server. This lack of validation could allow an attacker to appen...Show more The affected On-Premise cnMaestro allows an unauthenticated attacker to access the cnMaestro server and execute arbitrary code in the privileges of the web server. This lack of validation could allow an attacker to append arbitrary data to the logger command.Show less
CVE-2022-1356 1Cambiumnetworks 1Cnmaestro Nov 21, 2024 May 17, 2022 N/A· v4 7.8 HIGH· v3 7.2 HIGH· v2 cnMaestro is vulnerable to a local privilege escalation. By default, a user does not have root privileges. However, a user can run scripts as sudo, which could allow an attacker to gain root privileges when running user...Show more cnMaestro is vulnerable to a local privilege escalation. By default, a user does not have root privileges. However, a user can run scripts as sudo, which could allow an attacker to gain root privileges when running user scripts outside allowed commands.Show less