CVE-2022-31137

Published: 08/07/2022 | Updated: 24/05/2023
CVSS v2 Base Score: 10 | Impact Score: 10 | Exploitability Score: 10
CVSS v3 Base Score: 9.8 | Impact Score: 5.9 | Exploitability Score: 3.9
VMScore: 891
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Vulnerability Summary

Roxy-WI is a web interface for managing HAProxy, Nginx, Apache and Keepalived servers. Versions before 6.1.1.0 are subject to a remote code execution vulnerability. In the /app/options.py file, input received from the user is passed to the subprocess_execute function without being processed, so system commands can be run remotely. Attackers do not need to be authenticated to exploit this vulnerability. Users are advised to upgrade. There are no known workarounds for this vulnerability.

Vulnerable Product

roxy-wi roxy-wi

Vendor Advisories

Check Point Reference: CPAI-2022-1114 | Date Published: 23 Jan 2023 | Severity: Critical ...

Exploits

Roxy WI version 6100 remote command execution exploit

This is a variant of the original disclosure of remote command execution in this version by Nuri Cilengir in April of 2023 ...