Vulnerability CVE-2022-44794
Published: 2022-11-07

Description:
An issue was discovered in Object First 1.0.7.712. Management protocol has a flow which allows a remote attacker to execute arbitrary Bash code with root privileges. The command that sets the hostname doesn't validate input parameters. As a result, arbitrary data goes directly to the Bash interpreter. An attacker would need credentials to exploit this vulnerability. This is fixed in 1.0.13.1611.

 References:
https://objectfirst.com/security/of-20221024-0001/
Copyright 2026, cxsecurity.com

 

Back to Top