VYPR
Unrated severity · NVD Advisory · Published Aug 9, 2023 · Updated Oct 10, 2024

CVE-2022-48580

Description

A command injection vulnerability exists in the ARP ping device tool feature of ScienceLogic SL1, which takes unsanitized user-controlled input and passes it directly to a shell command. This allows for the injection of arbitrary commands to the underlying operating system.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

A command injection vulnerability in ScienceLogic SL1's ARP ping device tool allows unauthenticated remote attackers to execute arbitrary commands on the underlying OS.

Vulnerability

ScienceLogic SL1's ARP ping device tool fails to sanitize user input, passing it directly to a shell command. This allows command injection. Affected versions: SL1 <= 11.1.2 [1].
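The flaw class described above, as an added Python example that is not ScienceLogic's code: the page does not show SL1's actual command line, so the `arping` path, the `-c`/`-I` flags (iputils `arping`), the default interface and all function names are assumptions. It contrasts input spliced into a shell string with input validated as an IPv4 address and passed as an argv list without a shell.

```python
import ipaddress
import re
import shlex
import subprocess

# Assumption: the tool wraps iputils `arping`; SL1's real command is not on the page.
ARPING = "/usr/sbin/arping"
# Linux interface names: at most 15 characters, and must not look like an option.
IFACE_RE = re.compile(r"[A-Za-z0-9][A-Za-z0-9_.-]{0,14}")


def vulnerable_command(target: str) -> str:
    """The flawed pattern: user input spliced into a string meant for a shell."""
    return f"{ARPING} -c 3 {target}"


def shell_tokens(command: str) -> list:
    """Tokenise roughly as a POSIX shell would, keeping operators such as ';'."""
    lexer = shlex.shlex(command, posix=True, punctuation_chars=True)
    lexer.whitespace_split = True
    return list(lexer)


def build_arping_argv(target: str, iface: str = "eth0", count: int = 3) -> list:
    """Validate every user-controlled field and return an argv list (no shell)."""
    try:
        addr = ipaddress.IPv4Address(target)  # ARP is IPv4-only; anything else is rejected
    except ValueError as exc:
        raise ValueError(f"target is not an IPv4 address: {target!r}") from exc
    if not IFACE_RE.fullmatch(iface):
        raise ValueError(f"invalid interface name: {iface!r}")
    if type(count) is not int or not 1 <= count <= 10:
        raise ValueError("count must be an integer between 1 and 10")
    # str(addr) is the canonical dotted quad, so no user-typed bytes reach argv verbatim.
    return [ARPING, "-c", str(count), "-I", iface, str(addr)]


def run_arping(target: str, iface: str = "eth0", count: int = 3):
    """Run the tool with shell=False so metacharacters are never interpreted."""
    argv = build_arping_argv(target, iface, count)
    return subprocess.run(argv, shell=False, capture_output=True,
                          text=True, timeout=15, check=False)
```

With the constructed input `192.0.2.10; id`, `shell_tokens(vulnerable_command(...))` shows the `;` operator the shell would act on, while `build_arping_argv` raises `ValueError` before any process is started.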

Exploitation

An attacker with network access to the ScienceLogic SL1 can send crafted input to the ARP ping device tool feature, injecting arbitrary shell commands. No authentication or user interaction is required [1].

Impact

Successful exploitation leads to remote code execution on the underlying operating system with the privileges of the process, potentially leading to full system compromise [1].

Mitigation

Update to the latest version of ScienceLogic SL1. No workarounds are provided. The vendor has released a fix in a newer version [1].

References
  1. CVE-2022-48580

AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products: 2
