CVE-2022-48580
CVSS 3.1 Score 8.8 of 10 (high)
Details
Published: Aug 9, 2023
Updated: Aug 11, 2023
CWE ID: 78
Summary
CVE-2022-48580 is a command injection vulnerability in the ARP ping device tool feature of ScienceLogic SL1. User input is incorporated directly into shell commands without sanitization, which lets an attacker inject arbitrary commands that run on the underlying operating system. Successful exploitation could result in significant system compromise. The vulnerability poses a serious risk to organizations that use ScienceLogic SL1 and underscores the importance of input validation and rigorous security practices.
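The root cause described in the summary, shown as an added example that is not ScienceLogic's code and not part of the original entry: a shell string built from input, next to an argv list built only from validated fields. The `arping` binary with its `-c` and `-I` flags (iputils), the `eth0` default, and every function name here are assumptions for illustration.

```python
import ipaddress
import re
import shlex
import subprocess

ARPING = "arping"  # assumption: iputils arping on PATH (-c count, -I interface)
IFACE_RE = re.compile(r"[A-Za-z0-9][A-Za-z0-9_.:-]{0,14}")  # Linux names: <= 15 chars
HOSTILE = "192.0.2.10; id"  # constructed input carrying a shell separator


def unsafe_command(target):
    """CWE-78 pattern: input pasted into a string later handed to a shell."""
    return f"{ARPING} -c 3 {target}"


def shell_tokens(command):
    """Tokenize roughly as a POSIX shell would, keeping operators like ';'."""
    return list(shlex.shlex(command, posix=True, punctuation_chars=True))


def build_arping_argv(target, iface="eth0", count=3):
    """Return an argv list, or raise ValueError if a field is not what it claims."""
    if not isinstance(target, str):
        raise ValueError("target must be a string")
    try:
        addr = ipaddress.IPv4Address(target)  # ARP resolves IPv4 only
    except ipaddress.AddressValueError as exc:
        raise ValueError(f"not an IPv4 address: {target!r}") from exc
    if not isinstance(iface, str) or not IFACE_RE.fullmatch(iface):
        raise ValueError(f"bad interface name: {iface!r}")
    if type(count) is not int or not 1 <= count <= 10:
        raise ValueError("count must be an integer from 1 to 10")
    # Re-serialize the parsed address: argv carries the canonical form only.
    return [ARPING, "-c", str(count), "-I", iface, str(addr)]


def run_arping(target, iface="eth0"):
    """Execute without a shell, so argv elements are never re-parsed."""
    argv = build_arping_argv(target, iface)
    return subprocess.run(argv, shell=False, capture_output=True,
                          text=True, timeout=15, check=False)


if __name__ == "__main__":
    print(shell_tokens(unsafe_command(HOSTILE)))  # ';' appears as its own token
    try:
        build_arping_argv(HOSTILE)
    except ValueError as err:
        print("rejected:", err)
```

The interface pattern requires an alphanumeric first character, so a value beginning with `-` cannot be read by the tool as an option.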