CVE-2022-45639
CVSS V2 None
CVSS V3 None
Description
** DISPUTED ** OS Command injection vulnerability in sleuthkit fls tool 4.11.1 allows attackers to execute arbitrary commands via a crafted value to the m parameter. NOTE: third parties have disputed this because there is no analysis showing that the backtick command executes outside the context of the user account that entered the command line.
Overview
- CVE ID
- CVE-2022-45639
- Assigner
- cve@mitre.org
- Vulnerability Status
- Modified
- Published Version
- 2023-01-24T02:15:09
- Last Modified Date
- 2023-04-03T20:15:08
Weakness Enumerations
CPE Configuration (Product)
CPE | Vulnerable | Operator | Version Start | Version End |
---|---|---|---|---|
cpe:2.3:a:sleuthkit:the_sleuth_kit:4.11.1:*:*:*:*:*:*:* | 1 | OR |
References
Reference URL | Reference Tags |
---|---|
http://packetstormsecurity.com/files/171649/Sleuthkit-4.11.1-Command-Injection.html | |
http://www.binaryworld.it/ | Exploit Vendor Advisory |
https://www.binaryworld.it/guidepoc.asp#CVE-2022-45639 | Broken Link |
Sources
Source Name | Source URL |
---|---|
NIST | https://nvd.nist.gov/vuln/detail/CVE-2022-45639 |
MITRE | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-45639 |
History
Created | Old Value | New Value | Data Type | Notes |
---|---|---|---|---|
2023-01-24 03:14:29 | Added to TrackCVE | |||
2023-01-24 16:14:42 | 2023-01-24T14:40:52 | CVE Modified Date | updated | |
2023-01-24 16:14:42 | Received | Awaiting Analysis | Vulnerability Status | updated |
2023-01-31 14:13:40 | Awaiting Analysis | Undergoing Analysis | Vulnerability Status | updated |
2023-01-31 17:14:28 | 2023-01-31T15:58:17 | CVE Modified Date | updated | |
2023-01-31 17:14:28 | Undergoing Analysis | Analyzed | Vulnerability Status | updated |
2023-01-31 17:14:29 | Weakness Enumeration | new | ||
2023-01-31 17:14:31 | CPE Information | updated | ||
2023-02-01 11:13:54 | 2023-02-01T10:15:09 | CVE Modified Date | updated | |
2023-02-01 11:13:54 | Analyzed | Modified | Vulnerability Status | updated |
2023-02-01 11:13:55 | OS Command injection vulnerability in sleuthkit fls tool 4.11.1 allows attackers to execute arbitrary commands via a crafted value to the m parameter. | ** DISPUTED ** OS Command injection vulnerability in sleuthkit fls tool 4.11.1 allows attackers to execute arbitrary commands via a crafted value to the m parameter. NOTE: third parties have disputed this because there is no analysis showing that the backtick command executes outside the context of the user account that entered the command line. | Description | updated |
2023-02-02 17:14:41 | 2023-02-02T15:32:15 | CVE Modified Date | updated | |
2023-02-02 17:14:41 | Modified | Analyzed | Vulnerability Status | updated |
2023-04-03 22:17:41 | 2023-04-03T20:15:08 | CVE Modified Date | updated | |
2023-04-03 22:17:41 | Analyzed | Modified | Vulnerability Status | updated |
2023-04-03 22:17:43 | References | updated |