Security Advisory

CVE-2021-46704

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2022-03-06 06:23:47

Last updated 2024-08-04 05:17:41

Assigner mitre

State PUBLISHED

Description

In GenieACS 1.2.x before 1.2.8, the UI interface API is vulnerable to unauthenticated OS command injection via the ping host argument (lib/ui/api.ts and lib/ping.ts). The vulnerability arises from insufficient input validation combined with a missing authorization check.

← Browse all CVEs View on cve.org ↗