Teledyne FLIR AX8 up to 1.46.16 Web Service palette.php palette command injection

EntryHistoryDiffjsonxmlCTI

A vulnerability classified as critical has been found in Teledyne FLIR AX8 up to 1.46.16. Affected is an unknown function of the file palette.php of the component Web Service Handler. The manipulation of the argument palette leads to command injection. Using CWE to declare the problem leads to CWE-77. The weakness was presented 12/08/2022. The advisory is available at github.com. This vulnerability is traded as CVE-2022-4364. It is possible to launch the attack remotely. Technical details are available. Furthermore, there is an exploit available. The exploit has been disclosed to the public and may be used. The structure of the vulnerability defines a possible price range of USD $0-$5k at the moment. This vulnerability is assigned to T1202 by the MITRE ATT&CK project. It is declared as proof-of-concept. The exploit is shared for download at github.com. As 0-day the estimated underground price was around $0-$5k. A possible mitigation has been published before and not just after the disclosure of the vulnerability.

Timeline

The analysis of the timeline helps to identify the required approach and handling of single vulnerabilities and vulnerability collections. This overview makes it possible to see less important slices and more severe hotspots at a glance. Initiating immediate vulnerability response and prioritizing of issues is possible.

User

1	43

Field

vulnerability_cvss3_meta_tempscore	2
vulnerability_cvss3_meta_basescore	2
vulnerability_cvss3_cna_basescore	1
vulnerability_cvss3_nvd_basescore	1
source_cve_cna	1

Commit Conf

90%	36
70%	19
50%	10

Approve Conf

90%	36
70%	19
80%	10

ID	Commited	User	Field	Change	Remarks	Accepted	Status	C
13465258	01/01/2023	VulD...	cvss3_cna_basescore	7.3	see CVSS documentation	01/01/2023	accepted	90
13465257	01/01/2023	VulD...	cvss3_nvd_basescore	9.8	nist.gov	01/01/2023	accepted	90
13465256	01/01/2023	VulD...	cvss3_meta_tempscore	7.9	see CVSS documentation	01/01/2023	accepted	90
13465255	01/01/2023	VulD...	cvss3_meta_basescore	8.1	see CVSS documentation	01/01/2023	accepted	90
13465254	01/01/2023	VulD...	cve_cna	VulDB	nvd.nist.gov	01/01/2023	accepted	70
13465253	01/01/2023	VulD...	cvss3_cna_a	L	nvd.nist.gov	01/01/2023	accepted	70
13465252	01/01/2023	VulD...	cvss3_cna_i	L	nvd.nist.gov	01/01/2023	accepted	70
13465251	01/01/2023	VulD...	cvss3_cna_c	L	nvd.nist.gov	01/01/2023	accepted	70
13465250	01/01/2023	VulD...	cvss3_cna_s	U	nvd.nist.gov	01/01/2023	accepted	70
13465249	01/01/2023	VulD...	cvss3_cna_ui	N	nvd.nist.gov	01/01/2023	accepted	70
13465248	01/01/2023	VulD...	cvss3_cna_pr	N	nvd.nist.gov	01/01/2023	accepted	70
13465247	01/01/2023	VulD...	cvss3_cna_ac	L	nvd.nist.gov	01/01/2023	accepted	70
13465246	01/01/2023	VulD...	cvss3_cna_av	N	nvd.nist.gov	01/01/2023	accepted	70
13465245	01/01/2023	VulD...	cvss3_nvd_a	H	nvd.nist.gov	01/01/2023	accepted	70
13465244	01/01/2023	VulD...	cvss3_nvd_i	H	nvd.nist.gov	01/01/2023	accepted	70
13465243	01/01/2023	VulD...	cvss3_nvd_c	H	nvd.nist.gov	01/01/2023	accepted	70
13465242	01/01/2023	VulD...	cvss3_nvd_s	U	nvd.nist.gov	01/01/2023	accepted	70
13465241	01/01/2023	VulD...	cvss3_nvd_ui	N	nvd.nist.gov	01/01/2023	accepted	70
13465240	01/01/2023	VulD...	cvss3_nvd_pr	N	nvd.nist.gov	01/01/2023	accepted	70
13465239	01/01/2023	VulD...	cvss3_nvd_ac	L	nvd.nist.gov	01/01/2023	accepted	70

45 more entries are not shown

🔒 Login Required

You need to signup and login to see more of the remaining 45 results.

◂ Previous Overview Next ▸

Want to stay up to date on a daily basis?

Enable the mail alert feature now!