Vulnerabilities > CVE-2022-32268 - Unspecified vulnerability in Starwindsoftware Starwind SAN & NAS 0.2

CVSS 8.8 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

LOW

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

network

low complexity

starwindsoftware

NVD

Published: 2022-06-03

Updated: 2022-11-16

Summary

StarWind SAN and NAS v0.2 build 1914 allow remote code execution. A flaw was found in REST API in StarWind Stack. REST command, which allows changing the hostname, doesn’t check a new hostname parameter. It goes directly to bash as part of a script. An attacker with non-root user access can inject arbitrary data into the command that will be executed with root privileges.

Vulnerable Configurations

Part	Description	Count
Application	Starwindsoftware Starwindsoftware Starwind SAN & NAS 0.2	1

References

https://www.starwindsoftware.com/security/sw-20220531-0001/