Security Advisory

CVE-2022-44794

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2022-11-07 00:00:00
Last updated 2025-05-01 17:42:55
Assigner mitre
State PUBLISHED

Description

An issue was discovered in Object First Ootbi BETA build 1.0.7.712. Management protocol has a flow which allows a remote attacker to execute arbitrary Bash code with root privileges. The command that sets the hostname doesnt validate input parameters. As a result, arbitrary data goes directly to the Bash interpreter. An attacker would need credentials to exploit this vulnerability. This is fixed in Object First Ootbi BETA build 1.0.13.1611.