□ Overview
o WISA corp. released security update to address Remote Command Execution vulnerability in Smart Wing CMS.
□ Description
o This vulnerability could allow a remote attacker to execute remote commands with improper validation of parameters of certain API constructors.
o Remote attackers could use this vulnerability to execute malicious commands such as directory traversal.
□ Affected Product
□ Solution
o Update software(solution) of latest version of Smart Wing CMS.
□ Reference
[1] https://www.wisa.co.kr
□ Acknowledgements
o Thanks to Cho Hyeongrae for reporting this vulnerability.
□ 작성 : 침해사고분석단 취약점분석팀
o WISA corp. released security update to address Remote Command Execution vulnerability in Smart Wing CMS.
| Vulnerability Type | Impact | Severity | CVSS Score | CVE ID |
|---|---|---|---|---|
| improper input validation | Remote Command Execution |
High | 8.8 | CVE-2022-23770 |
□ Description
o This vulnerability could allow a remote attacker to execute remote commands with improper validation of parameters of certain API constructors.
o Remote attackers could use this vulnerability to execute malicious commands such as directory traversal.
□ Affected Product
| Product | Version | Platform |
|---|---|---|
| Smart Wing CMS | less than ver.19051 | Linux |
□ Solution
o Update software(solution) of latest version of Smart Wing CMS.
□ Reference
[1] https://www.wisa.co.kr
□ Acknowledgements
o Thanks to Cho Hyeongrae for reporting this vulnerability.
□ 작성 : 침해사고분석단 취약점분석팀