CVE-2022-48580

CVSS 3.1 Score 8.8 of 10 (high)

Details

Published Aug 9, 2023
Updated: Aug 11, 2023
CWE ID 78

Summary

CVE-2022-48580 is a command injection vulnerability affecting the ARP ping device tool feature of ScienceLogic SL1. The issue stems from unsanitized user input being directly incorporated into shell commands, permitting attackers to inject arbitrary commands into the underlying operating system. Successful exploitation could result in significant system compromise. This vulnerability poses a serious risk to organizations utilizing ScienceLogic SL1 and underscores the importance of input validation and rigorous security practices.
