CRITICAL: 10.0 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
CRITICAL: 10.0 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:L/SA:H
Default status: unaffected
Any version: affected
Description
An OS command injection vulnerability exists due to improper input validation. The application accepts a parameter directly from user input without verifying it is a valid IP address or filtering potentially malicious characters. This could allow an unauthenticated attacker to inject arbitrary commands.
Problem types
Product status
Any version
Credits
Nir Tepper and Noam Moshe of Claroty Team82 reported these vulnerabilities to CISA.
References
wiki.zenitel.com/wiki/Downloads
www.cisa.gov/news-events/ics-advisories/icsa-25-329-03
github.com/...p/csaf_files/OT/white/2025/icsa-25-329-03.json