CVE-2022-37108 - Vulnerability Details - OpenCVE

An injection vulnerability in the syslog-ng configuration wizard in Securonix Snypr 6.4 allows an application user with the "Manage Ingesters" permission to execute arbitrary code on remote ingesters by appending arbitrary text to text files that are executed by the system, such as users' crontab files. The patch for this was present in SNYPR version 6.4 Jun 2022 R3_[06170871], but may have been introduced sooner.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required High

Scope Changed

Confidentiality Impact None

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Securonix	Snypr

Configuration 1 [-]

cpe:2.3:a:securonix:snypr:6.4:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://conway.scot/securonix-rce/

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2022-09-07T13:06:27

Updated: 2024-08-03T10:21:33.157Z

Reserved: 2022-08-01T00:00:00

Link: CVE-2022-37108

Vulnrichment

No data.

NVD

Status : Modified

Published: 2022-09-07T14:15:09.157

Modified: 2024-11-21T07:14:28.217

Link: CVE-2022-37108

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "descriptions": [{"lang": "en", "value": "An injection vulnerability in the syslog-ng configuration wizard in Securonix Snypr 6.4 allows an application user with the \"Manage Ingesters\" permission to execute arbitrary code on remote ingesters by appending arbitrary text to text files that are executed by the system, such as users' crontab files. The patch for this was present in SNYPR version 6.4 Jun 2022 R3_[06170871], but may have been introduced sooner."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.7, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AC:L/AV:N/A:H/C:N/I:H/PR:H/S:C/UI:N", "version": "3.1"}}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2022-09-07T13:06:27", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://conway.scot/securonix-rce/"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2022-37108", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "An injection vulnerability in the syslog-ng configuration wizard in Securonix Snypr 6.4 allows an application user with the \"Manage Ingesters\" permission to execute arbitrary code on remote ingesters by appending arbitrary text to text files that are executed by the system, such as users' crontab files. The patch for this was present in SNYPR version 6.4 Jun 2022 R3_[06170871], but may have been introduced sooner."}]}, "impact": {"cvss": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AC:L/AV:N/A:H/C:N/I:H/PR:H/S:C/UI:N", "version": "3.1"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "https://conway.scot/securonix-rce/", "refsource": "MISC", "url": "https://conway.scot/securonix-rce/"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T10:21:33.157Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://conway.scot/securonix-rce/"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2022-37108", "datePublished": "2022-09-07T13:06:27", "dateReserved": "2022-08-01T00:00:00", "dateUpdated": "2024-08-03T10:21:33.157Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:securonix:snypr:6.4:*:*:*:*:*:*:*", "matchCriteriaId": "294463B2-F266-4C2C-8AC1-23CD10BB8CD9", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "An injection vulnerability in the syslog-ng configuration wizard in Securonix Snypr 6.4 allows an application user with the \"Manage Ingesters\" permission to execute arbitrary code on remote ingesters by appending arbitrary text to text files that are executed by the system, such as users' crontab files. The patch for this was present in SNYPR version 6.4 Jun 2022 R3_[06170871], but may have been introduced sooner."}, {"lang": "es", "value": "Una vulnerabilidad de inyecci\u00f3n en el asistente de configuraci\u00f3n de syslog-ng en Securonix Snypr versi\u00f3n 6.4, permite que un usuario de la aplicaci\u00f3n con el permiso \"Manage Ingesters\" ejecute c\u00f3digo arbitrario en los ingesters remotos al a\u00f1adir texto arbitrario a los archivos de texto que son ejecutados por el sistema, como los archivos crontab de los usuarios. El parche para esto estaba presente en la versi\u00f3n 6.4 Jun 2022 R3_[06170871] de SNYPR, pero puede haber sido introducido antes"}], "id": "CVE-2022-37108", "lastModified": "2024-11-21T07:14:28.217", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.7, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:N/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.3, "impactScore": 5.8, "source": "cve@mitre.org", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.2, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.2, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2022-09-07T14:15:09.157", "references": [{"source": "cve@mitre.org", "tags": ["Exploit", "Third Party Advisory"], "url": "https://conway.scot/securonix-rce/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Third Party Advisory"], "url": "https://conway.scot/securonix-rce/"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-74"}], "source": "nvd@nist.gov", "type": "Primary"}]}