Unauthenticated Remote Code Execution in On-Premise cnMaestro Server

Unauthenticated Remote Code Execution in On-Premise cnMaestro Server

CVE-2022-1357 · CRITICAL Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

The affected On-Premise cnMaestro allows an unauthenticated attacker to access the cnMaestro server and execute arbitrary code in the privileges of the web server. This lack of validation could allow an attacker to append arbitrary data to the logger command.

Learn more about our Web App Pen Testing.