CVE-2022-24552

A flaw was found in the REST API in StarWind Stack. REST command, which manipulates a virtual disk, doesn’t check input parameters. Some of them go directly to bash as part of a script. An attacker with non-root user access can inject arbitrary data into the command that will be executed with root privileges. This affects StarWind SAN and NAS v0.2 build 1633.

CVSS v3 9.8 CRITICAL
CVSS v2.0 10.0 HIGH

9.8^/10

CVSS v3 : CRITICAL

Vector :

Exploitability : 3.9 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

10.0^/10

CVSS v2.0 : HIGH

Vector : AV:N/AC:L/Au:N/C:C/I:C/A:C

Exploitability : 10.0 / Impact : 10.0

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References

Link	Resource
https://www.starwindsoftware.com/security/sw-20220203-0001/	Vendor Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:starwindsoftware:nas::::::::
	cpe:2.3:a:starwindsoftware:san::::::::

History

No history.

Information

Published : 2022-02-06 21:15

Updated : 2023-08-08 14:21

NVD link : CVE-2022-24552

Mitre link : CVE-2022-24552

CVE.ORG link : CVE-2022-24552

JSON object : View

Products Affected

starwindsoftware

nas
san

CWE

CWE-78

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

{"id": "CVE-2022-24552", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 10.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "authentication": "NONE", "integrityImpact": "COMPLETE", "accessComplexity": "LOW", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "acInsufInfo": false, "impactScore": 10.0, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 3.9}]}, "published": "2022-02-06T21:15:08.073", "references": [{"url": "https://www.starwindsoftware.com/security/sw-20220203-0001/", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-78"}]}], "descriptions": [{"lang": "en", "value": "A flaw was found in the REST API in StarWind Stack. REST command, which manipulates a virtual disk, doesn\u2019t check input parameters. Some of them go directly to bash as part of a script. An attacker with non-root user access can inject arbitrary data into the command that will be executed with root privileges. This affects StarWind SAN and NAS v0.2 build 1633."}, {"lang": "es", "value": "Se ha encontrado un fallo en la API REST de StarWind Stack. El comando REST, que manipula un disco virtual, no comprueba los par\u00e1metros de entrada. Algunos de ellos van directamente a bash como parte de un script. Un atacante con acceso de usuario no root puede inyectar datos arbitrarios en el comando que se ejecutar\u00e1 con privilegios de root. Esto afecta a StarWind SAN y NAS v0.2 build 1633"}], "lastModified": "2023-08-08T14:21:49.707", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:starwindsoftware:nas:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A14DD42C-CF3A-4C98-9655-A12D41DE318A", "versionEndExcluding": "0.2"}, {"criteria": "cpe:2.3:a:starwindsoftware:san:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A6D1B679-1207-4A20-87DC-F6B62B373477", "versionEndExcluding": "0.2"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}