A user with a file monitored via this vulnerability could potentially exploit it to escalate privileges on the targeted system. The updated OpenVX version (v1.7) of Cynet 360 Web Portal addresses this vulnerability by not allowing GET requests from unauthenticated users and also disallowing file inspection via GET. As a best practice, you should always apply updates to systems as soon as possible.

CVE-2022-26451

A flaw in the way that OpenVX processes user input allows an attacker to execute commands via the web application. This vulnerability could be exploited by attackers looking to gain access to sensitive information, escalate privileges on the target system, or cause a DoS condition.

Products Affected

Pivotal Cloud Foundry, Pivotal Application Service Broker (PSAB), and Symantec Enterprise Firewall Service (SEFS)

This vulnerability is patched in the updated version of OpenVX (v1.7). As a best practice, all systems should always be updated as soon as possible. Pivotal Cloud Foundry, PSAB, and SEFS are all affected by this vulnerability.

Vulnerability details:

The vulnerability was a result of an integer overflow error in the OpenVX application. It could allow a user to exploit the vulnerability to escalate privileges on the targeted system by sending malicious requests. The update fixes this vulnerability by not allowing GET requests from unauthenticated users and also disallowing file inspection via GET.

Timeline

Published on: 09/08/2022 16:15:00 UTC
Last modified on: 09/12/2022 14:07:00 UTC

References