Unrated severityNVD Advisory· Published Jun 3, 2022· Updated Aug 3, 2024
CVE-2022-32268
CVE-2022-32268
Description
StarWind SAN and NAS v0.2 build 1914 allow remote code execution. A flaw was found in REST API in StarWind Stack. REST command, which allows changing the hostname, doesn’t check a new hostname parameter. It goes directly to bash as part of a script. An attacker with non-root user access can inject arbitrary data into the command that will be executed with root privileges.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2- StarWind/SAN and NASdescription
- Range: = 0.2 build 1914
Patches
Vulnerability mechanics
References
1- www.starwindsoftware.com/security/sw-20220531-0001/mitrex_refsource_MISC
News mentions
0No linked articles in our index yet.