CVE-2022-32268: Critical severity StarWind SAN & NAS vulnerability
StarWind SAN and NAS v0.2 build 1914 allows remote code execution. A flaw was found in the REST API in StarWind Stack. The REST command that changes the hostname doesn't check the new hostname parameter; the value goes directly to bash as part of a script. An attacker with non-root user access can inject arbitrary data into the command, which will be executed with root privileges.
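The missing check described above, sketched as an added example (not StarWind's code, and not taken from the vendor's patch): an allowlist validator for the hostname, and a wrapper that hands the validated value to the command as a single argument rather than splicing it into script text. The function names and the `HOSTNAME_CMD` override are hypothetical, and the sample inputs are constructed.

```shell
#!/bin/sh
# Added example; function names and HOSTNAME_CMD are hypothetical.

# Return 0 only for an RFC 1123 hostname: 1..253 bytes, dot-separated
# labels of 1..63 chars drawn from [A-Za-z0-9-], no leading/trailing '-'.
# The body is a subshell so the LC_ALL and IFS changes stay local.
is_valid_hostname() (
    LC_ALL=C
    name=$1
    [ -n "$name" ] || return 1
    [ "${#name}" -le 253 ] || return 1
    case $name in
        # Anything outside the allowlist: whitespace, quotes, ';', '$',
        # backticks, newlines and every other shell metacharacter.
        *[!A-Za-z0-9.-]*) return 1 ;;
        # Empty labels.
        .*|*.|*..*) return 1 ;;
    esac
    IFS=.
    for label in $name; do
        [ "${#label}" -le 63 ] || return 1
        case $label in
            -*|*-) return 1 ;;
        esac
    done
    return 0
)

# Validate first, then pass the value as one quoted argument. The value
# is never re-parsed by a shell (no eval, no sh -c, no string-built script).
set_hostname_safely() {
    if ! is_valid_hostname "$1"; then
        echo "rejected hostname" >&2
        return 2
    fi
    "${HOSTNAME_CMD:-hostnamectl}" set-hostname "$1"
}

# Constructed sample inputs: the first two pass, the rest are rejected.
for candidate in 'nas01' 'nas-01.lab.example' 'nas;01' 'nas 01' '-nas' 'a..b'; do
    if is_valid_hostname "$candidate"; then
        printf 'accept  %s\n' "$candidate"
    else
        printf 'reject  %s\n' "$candidate"
    fi
done
```

The same validation belongs in the REST handler as well, so a bad value is refused before any privileged script is invoked.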
Frequently Asked Questions
What is CVE-2022-32268?
CVE-2022-32268 is a vulnerability found in StarWind SAN and NAS v0.2 build 1914 that allows remote code execution.
How does CVE-2022-32268 impact StarWind SAN and NAS?
CVE-2022-32268 allows an attacker with non-root user access to inject arbitrary code through the REST API in StarWind Stack, potentially leading to remote code execution.
What is the severity of CVE-2022-32268?
CVE-2022-32268 has a severity rating of critical with a CVSS score of 8.8.
How can I fix CVE-2022-32268 in StarWind SAN and NAS?
To fix CVE-2022-32268, users should update to a patched version of StarWind SAN and NAS that addresses the REST API vulnerability.
Where can I find more information about CVE-2022-32268?
More information about CVE-2022-32268 can be found at the following reference: [https://www.starwindsoftware.com/security/sw-20220531-0001/](https://www.starwindsoftware.com/security/sw-20220531-0001/)