Unrated severityNVD Advisory· Published Feb 6, 2022· Updated Aug 3, 2024
CVE-2022-24552
CVE-2022-24552
Description
A flaw was found in the REST API in StarWind Stack. REST command, which manipulates a virtual disk, doesn’t check input parameters. Some of them go directly to bash as part of a script. An attacker with non-root user access can inject arbitrary data into the command that will be executed with root privileges. This affects StarWind SAN and NAS v0.2 build 1633.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2- StarWind/Stackdescription
- Range: = build 1633
Patches
Vulnerability mechanics
References
1- www.starwindsoftware.com/security/sw-20220203-0001/mitrex_refsource_MISC
News mentions
0No linked articles in our index yet.