CVE-2022-50795 — HIGH (7.8)

Q: How severe is CVE-2022-50795?

CVE-2022-50795 has been rated HIGH with a CVSS base score of 7.8/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2022-50795?

Check the references section above for vendor advisories and patch information. Affected products include: Sound4 Impact Firmware, Sound4 Impact, Sound4 Pulse Firmware, Sound4 Pulse, Sound4 First Firmware.

Vulnerability Description

SOUND4 IMPACT/FIRST/PULSE/Eco <=2.x contains a conditional command injection vulnerability that allows local authenticated users to create malicious files in the /tmp directory. Unauthenticated attackers can execute commands by making a single HTTP POST request to the traceroute.php script, which triggers the malicious file and then deletes it after execution.

CVSS Score

7.8

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

HIGH

Affected Products

Vendor	Product	Versions
Sound4	Impact Firmware	2.15
Sound4	Impact	2.0
Sound4	Pulse Firmware	2.15
Sound4	Pulse	2.0
Sound4	First Firmware	2.15
Sound4	First	2.0
Sound4	Impact Eco Firmware	1.16
Sound4	Impact Eco	-
Sound4	Pulse Eco Firmware	1.16
Sound4	Pulse Eco	-
Sound4	Big Voice4 Firmware	1.2
Sound4	Big Voice4	-
Sound4	Big Voice2 Firmware	1.30
Sound4	Big Voice2	-
Sound4	Stream Extension	2.4.29
Sound4	Wm2 Firmware	1.11
Sound4	Wm2	-

Related Weaknesses (CWE)

CWE-78

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/247950Third Party Advisory
https://packetstormsecurity.com/files/170267/SOUND4-IMPACT-FIRST-PULSE-Eco-2.x-tExploitThird Party Advisory
https://www.sound4.com/Product
https://www.vulncheck.com/advisories/sound-impactfirstpulseeco-x-conditional-comThird Party Advisory
https://www.zeroscience.mk/en/vulnerabilities/ZSL-2022-5740.phpExploitThird Party Advisory

FAQ

What is CVE-2022-50795?

CVE-2022-50795 is a vulnerability with a CVSS score of 7.8 (HIGH). SOUND4 IMPACT/FIRST/PULSE/Eco <=2.x contains a conditional command injection vulnerability that allows local authenticated users to create malicious files in the /tmp directory. Unauthenticated attack...

How severe is CVE-2022-50795?

CVE-2022-50795 has been rated HIGH with a CVSS base score of 7.8/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2022-50795?

Check the references section above for vendor advisories and patch information. Affected products include: Sound4 Impact Firmware, Sound4 Impact, Sound4 Pulse Firmware, Sound4 Pulse, Sound4 First Firmware.