- Description
- A security vulnerability exists in the Zingbox Inspector versions 1.293 and earlier, that could allow an attacker to supply an invalid software update image to the Zingbox Inspector that could result in command injection.
- Source
- psirt@paloaltonetworks.com
- NVD status
- Modified
CVSS 3.1
- Type
- Primary
- Base score
- 9.8
- Impact score
- 5.9
- Exploitability score
- 3.9
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
- Severity
- CRITICAL
CVSS 2.0
- Type
- Primary
- Base score
- 7.5
- Impact score
- 6.4
- Exploitability score
- 10
- Vector string
- AV:N/AC:L/Au:N/C:P/I:P/A:P
- nvd@nist.gov
- CWE-346
- Hype score
- Not currently trending
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:zingbox:inspector:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "B0663AE7-474A-4649-90D6-CE4D84A4D0B0",
"versionEndIncluding": "1.293"
}
],
"operator": "OR"
}
]
}
]