|
|
|||
| Rule General Information |
|---|
| Release Date: | 2022-05-09 | |
| Rule Name: | ZoneMinder Invalid Language Remote Code Execution Vulnerability (CVE-2022-29806) | |
| Severity: | ||
| CVE ID: | ||
| Rule Protection Details |
|---|
| Description: | ZoneMinder before 1.36.13 allows remote code execution via an invalid language. Ability to create a debug log file at an arbitrary pathname contributes to exploitability. | |
| Impact: | An attacker can execute arbitrary code via a successful exploit in the context of the vulnerable software. | |
| Affected OS: | Windows, Linux, Others | |
| Reference: | http://packetstormsecurity.com/files/166980/ZoneMinder-Language-Settings-Remote-Code-Execution.html https://forums.zoneminder.com/viewtopic.php?t=31638 https://github.com/ZoneMinder/zoneminder/commit/9fee64b62fbdff5bf5ece1d617f1f53c7b1967cb https://github.com/ZoneMinder/zoneminder/releases/tag/1.36.13 |
|
| Solutions |
|---|
| The vendor has released upgrade patches to fix vulnerabilities, please visit: https://forums.zoneminder.com/viewtopic.php?t=31638 |