Vulnerability CVE-2022-26481


Published: 2022-07-17   Modified: 2022-07-18

Description:
An issue was discovered in Poly Studio before 3.7.0. Command Injection can occur via the CN field of a Create Certificate Signing Request (CSR) action.

See advisories in our WLB2 database:
Topic
Author
Date
Med.
Poly Studio X30 / Studio X50 / Studio X70 / G7500 Command Injection
Johannes Kruchem
06.06.2022

Type:

CWE-78

(Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') )

 References:
https://www.poly.com/us/en/support/security-center
https://sec-consult.com/vulnerability-lab/advisory/authenticated-command-injection-in-poly-studio/

Copyright 2022, cxsecurity.com

 

Back to Top