How severe is CVE-2022-32268?

High severity. CVSS v3 base score is 8.8 out of 10.

Vulnerability in Starwindsoftware Starwind_san_\&_nas

CVE-2022-32268

StarWind SAN and NAS v0.2 build 1914 allow remote code execution. A flaw was found in REST API in StarWind Stack. REST command, which allows changing the hostname, doesn’t check a new hostname parameter. It goes directly to bash as part of…

EPSS: 0.020 (78.6th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 8.8 (High). Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H.

Affected products

Starwindsoftware Starwind_san_\&_nas — versions 0.2
N/a — versions n/a

References

cve@mitre.org (x_refsource_MISC, Vendor Advisory)

Frequently asked questions

What is CVE-2022-32268?: CVE-2022-32268 is a high-severity vulnerability in Starwindsoftware Starwind_san_\&_nas. CVSS score: 8.8/10. Published 2022-06-03.
How severe is CVE-2022-32268?: High severity. CVSS v3 base score is 8.8 out of 10.