CVE-2022-48580
b0yd | 2023-08-09T17:00:51+00:00
The following vulnerability was found in ScienceLogic SL1.

CVE-2022-48580

A command injection vulnerability exists in the “ARP ping device tool” feature of ScienceLogic SL1 that takes unsanitized user-controlled input and passes it directly to a shell command. This allows for the injection of arbitrary commands to the underlying operating system.
- ScienceLogic SL1 <= 11.1.2
Update to the latest version of ScienceLogic SL1.
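The bug class described above, shown as an added example that is not ScienceLogic code or code from the original advisory: a string built for a shell next to a validated argv list. The `arping -c 3` command line, the function names and the sample input are assumptions made for illustration; the advisory does not say which command SL1 runs.

```python
import ipaddress
import shlex

# Constructed sample input: a valid address followed by a shell separator.
HOSTILE_INPUT = "192.0.2.10; id"


def vulnerable_command(target: str) -> str:
    """Anti-pattern: user input concatenated into a string meant for a shell."""
    return "arping -c 3 " + target


def shell_control_tokens(command: str) -> list[str]:
    """List the control operators a POSIX shell would see in `command`.

    Illustrative only: it shows why the string is dangerous and is not a
    filter (backticks, for instance, are not reported).
    """
    lexer = shlex.shlex(command, posix=True, punctuation_chars=True)
    operators = set("();<>|&")
    return [tok for tok in lexer if tok and set(tok) <= operators]


def safe_argv(target: str) -> list[str]:
    """Accept only a literal IPv4 address and return an argv list.

    The list is meant for subprocess.run(argv, shell=False), so no shell
    ever parses the value; the address is re-serialised from the parsed
    object rather than echoed from the input.
    """
    try:
        addr = ipaddress.IPv4Address(target.strip())
    except ValueError:
        raise ValueError(f"rejected target: {target!r}") from None
    return ["arping", "-c", "3", str(addr)]


if __name__ == "__main__":
    cmd = vulnerable_command(HOSTILE_INPUT)
    print("shell string:", cmd, "-> operators:", shell_control_tokens(cmd))
    print("argv for a valid target:", safe_argv("192.0.2.10"))
    try:
        safe_argv(HOSTILE_INPUT)
    except ValueError as exc:
        print("hardened path:", exc)
```
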
09.06.2022 - Notified vendor of vulnerability
10.04.2022 - Vendor hires law firm to manage disclosure
10.28.2023 - Vendor refuses CVE issuance and disclosure
11.28.2022 - Vendor’s legal team strongly advises against disclosing to MITRE
06.07.2023 - Vendor notified of intent to issue CVEs and disclose vulnerabilities
08.09.2023