CVE-2022-50793 — HIGH (8.8)

Q: How severe is CVE-2022-50793?

CVE-2022-50793 has been rated HIGH with a CVSS base score of 8.8/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2022-50793?

Check the references section above for vendor advisories and patch information. Affected products include: Sound4 Impact Firmware, Sound4 Impact, Sound4 Pulse Firmware, Sound4 Pulse, Sound4 First Firmware.

Vulnerability Description

SOUND4 IMPACT/FIRST/PULSE/Eco <=2.x contains an authenticated command injection vulnerability in the www-data-handler.php script that allows attackers to inject system commands through the 'services' POST parameter. Attackers can exploit this vulnerability by crafting malicious 'services' parameter values to execute arbitrary system commands with www-data user privileges.

CVSS Score

8.8

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

HIGH

Affected Products

Vendor	Product	Versions
Sound4	Impact Firmware	2.15
Sound4	Impact	2.0
Sound4	Pulse Firmware	2.15
Sound4	Pulse	2.0
Sound4	First Firmware	2.15
Sound4	First	2.0
Sound4	Impact Eco Firmware	1.16
Sound4	Impact Eco	-
Sound4	Pulse Eco Firmware	1.16
Sound4	Pulse Eco	-
Sound4	Big Voice4 Firmware	1.2
Sound4	Big Voice4	-
Sound4	Big Voice2 Firmware	1.30
Sound4	Big Voice2	-
Sound4	Wm2 Firmware	1.11
Sound4	Wm2	-
Sound4	Stream Extension	2.4.29

Related Weaknesses (CWE)

CWE-78

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/247917Third Party Advisory
https://packetstormsecurity.com/files/170264/SOUND4-IMPACT-FIRST-PULSE-Eco-2.x-sExploitThird Party AdvisoryVDB Entry
https://www.sound4.com/Product
https://www.vulncheck.com/advisories/sound-impactfirstpulseeco-x-authenticated-cThird Party Advisory
https://www.zeroscience.mk/en/vulnerabilities/ZSL-2022-5737.phpExploitThird Party Advisory

FAQ

What is CVE-2022-50793?

CVE-2022-50793 is a vulnerability with a CVSS score of 8.8 (HIGH). SOUND4 IMPACT/FIRST/PULSE/Eco <=2.x contains an authenticated command injection vulnerability in the www-data-handler.php script that allows attackers to inject system commands through the 'services' ...

How severe is CVE-2022-50793?

CVE-2022-50793 has been rated HIGH with a CVSS base score of 8.8/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2022-50793?

Check the references section above for vendor advisories and patch information. Affected products include: Sound4 Impact Firmware, Sound4 Impact, Sound4 Pulse Firmware, Sound4 Pulse, Sound4 First Firmware.