Overview
- Description
- The affected On-Premise is vulnerable to data exfiltration through improper neutralization of special elements used in an SQL command. This could allow an attacker to exfiltrate and dump all data held in the cnMaestro database.
- Source
- ics-cert@hq.dhs.gov
- NVD status
- Analyzed
Risk scores
CVSS 3.1
- Type
- Primary
- Base score
- 7.5
- Impact score
- 3.6
- Exploitability score
- 3.9
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
- Severity
- HIGH
CVSS 2.0
- Type
- Primary
- Base score
- 5
- Impact score
- 2.9
- Exploitability score
- 10
- Vector string
- AV:N/AC:L/Au:N/C:P/I:N/A:N
Weaknesses
- ics-cert@hq.dhs.gov
- CWE-89
Social media
- Hype score
- Not currently trending
Configurations
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cambiumnetworks:cnmaestro:2.4.2:*:*:*:on_premises:*:*:*",
"vulnerable": true,
"matchCriteriaId": "93FCE8FD-61FF-4160-9581-C8DD573F5BE0"
},
{
"criteria": "cpe:2.3:o:cambiumnetworks:cnmaestro:3.0.0:*:*:*:on_premises:*:*:*",
"vulnerable": true,
"matchCriteriaId": "8E2A97A9-FD28-4592-AB4A-E02E007B6CE3"
},
{
"criteria": "cpe:2.3:o:cambiumnetworks:cnmaestro:3.0.3:*:*:*:on_premises:*:*:*",
"vulnerable": true,
"matchCriteriaId": "105A9A7C-BC84-4332-B3A1-525947CFF0D2"
}
],
"operator": "OR"
}
]
}
]