CVE-2022-29806 — Vulnetix

CVE-2022-29806 PUBLISHED CVSS 7.5 HIGH

ZoneMinder before 1.36.13 allows remote code execution via an invalid language. Ability to create a debug log file at an arbitrary pathname contributes to exploitability.

EPSS 75.58% · 98.9th percentile

Risk Scores

CVSS 2.0

7.5

EPSS Score

75.58%

98.9th percentile

Affected Products

Vendor	Product	Versions
zoneminder	zoneminder	0
n/a	n/a	n/a

Exploit Intelligence

ZoneMinder up to 1.36.12 Language privilege escalation (and RCE) - Poc Exploit (github-poc-repo)
ZoneMinder up to 1.36.12 Language privilege escalation (and RCE) - Poc Exploit (github-poc-repo)
ZoneMinder up to 1.36.12 Language privilege escalation (and RCE) - Poc Exploit (github-poc-repo)
ZoneMinder up to 1.36.12 Language privilege escalation (and RCE) - Poc Exploit (github-poc-repo)
ZoneMinder up to 1.36.12 Language privilege escalation (and RCE) - Poc Exploit (github-poc-repo)
ZoneMinder up to 1.36.12 Language privilege escalation (and RCE) - Poc Exploit (github-poc)
ZoneMinder up to 1.36.12 Language privilege escalation (and RCE) - Poc Exploit (github-poc)
ZoneMinder up to 1.36.12 Language privilege escalation (and RCE) - Poc Exploit (github-poc)
ZoneMinder up to 1.36.12 Language privilege escalation (and RCE) - Poc Exploit (github-poc)
http://packetstormsecurity.com/files/166980/ZoneMinder-Language-Settings-Remote-Code-Execution.html (nist-nvd)

…and 7 more exploits

Timeline

Apr 26, 2022 EPSS Score
Apr 26, 2022 CVE Published
May 4, 2022 PoC Published
May 5, 2022 EPSS Score
May 7, 2022 EPSS Score
Mar 7, 2023 EPSS Score
Mar 26, 2023 EPSS Score
Apr 7, 2023 EPSS Score
May 2, 2023 EPSS Score
May 15, 2023 EPSS Score
May 28, 2023 EPSS Score
Jul 31, 2023 EPSS Score

References

Open in Interactive Console →