Remote code execution vulnerability in Wazuh Agent - CVE-2022-40497 (dpkg)ID: oval:org.secpod.oval:def:87092 | Date: (C)2023-01-30 (M)2023-01-30 |
Class: VULNERABILITY | Family: unix |
The host is installed with Wazuh 3.6.1 through 3.13.5, 4.0.0 through 4.2.7 or 4.3.0 through 4.3.7 and is prone to a remote code execution vulnerability. A flaw is present in the application, which fails to handle an issue in the Active Response endpoint. Successful exploitation could allow authenticated attackers with RBAC permissions active-response:command might execute a program outside the Active Response binary folder (/var/ossec/active-response/bin).