Insufficient File Scheme Validation
Affected versions:
4.34.12
Date: 2021-02-15
CVE identifier -
Impact
It was possible to run inetChecksite against local files because the file scheme was not validated properly. Affected commands: inetLatency(), inetChecksite().
Patch
The problem was fixed with additional parameter checking. Please upgrade to version >= 4.34.12 if you are using version 4.
Workaround
If you cannot upgrade, be sure to check or sanitize the service parameter strings that are passed to inetLatency() and inetChecksite() (sanitize any `file://` parameter).
Command Injection Vulnerability
Affected versions:
< 4.34.11
Date: 2021-02-14
CVE identifier CVE-2021-21315
Impact
It was possible to perform a potential command injection by passing a manipulated array as a parameter to the following functions. Affected commands: inetLatency(), inetChecksite(), services(), processLoad().
Patch
The problem was fixed with additional parameter checking. Please upgrade to version >= 4.34.11 if you are using version 4.
Workaround
If you cannot upgrade, be sure to check or sanitize the service parameter strings that are passed to inetLatency(), inetChecksite(), services() and processLoad() (accept strings only).
DOS Injection Vulnerability
Affected versions:
< 4.34.10
Date: 2021-02-12
CVE identifier -
Impact
It was possible to make a ping command run for too long. Affected commands: inetLatency().
Patch
The problem was fixed with a shell string sanitization fix. Please upgrade to version >= 4.34.10 if you are using version 4.
Workaround
If you cannot upgrade, be sure to check or sanitize the service parameter strings that are passed to inetLatency() (allow no spaces).
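One way to apply the three workarounds above (strings only, no spaces, no `file://` scheme) on the caller side, as an added example that is not systeminformation's own code. `validateInetTarget`, `isSafeInetTarget`, the `allowUrl` option and the character rules are assumptions of this example:

```javascript
// Added example: validate a target before passing it to inetLatency() or
// inetChecksite(). Names and rules are this example's assumptions.
const ALLOWED_SCHEMES = new Set(['http:', 'https:']);
// Conservative host allow-list: letters, digits, dot, hyphen; must not start
// with a hyphen, so the value cannot be read as a command-line option.
const HOST_RE = /^[A-Za-z0-9]([A-Za-z0-9.-]{0,251}[A-Za-z0-9])?$/;
// Characters with special meaning to a shell; rejected outright in URLs.
const SHELL_META = /[;&|$`'"\\<>(){}!]/;

function validateInetTarget(value, { allowUrl = false } = {}) {
  // "string only": arrays and objects are rejected, never coerced.
  if (typeof value !== 'string') {
    throw new TypeError('target must be a primitive string');
  }
  // "no spaces": also rejects tabs, newlines and control characters.
  if (value.length === 0 || value.length > 2048 ||
      /[\s\u0000-\u001f\u007f]/.test(value)) {
    throw new RangeError('target is empty, too long or has whitespace');
  }
  if (!allowUrl) {
    // inetLatency() style argument: bare host name or IPv4 address.
    if (!HOST_RE.test(value)) throw new RangeError('not a plain host name');
    return value;
  }
  // inetChecksite() style argument: absolute http(s) URL, never file://.
  if (SHELL_META.test(value)) throw new RangeError('shell metacharacter');
  let url;
  try {
    url = new URL(value);
  } catch {
    throw new RangeError('target is not an absolute URL');
  }
  if (!ALLOWED_SCHEMES.has(url.protocol)) {
    throw new RangeError(`scheme ${url.protocol} is not allowed`);
  }
  if (!HOST_RE.test(url.hostname)) throw new RangeError('unexpected URL host');
  return url.href;
}

// Boolean form for filtering untrusted input without try/catch at call sites.
function isSafeInetTarget(value, opts) {
  try { validateInetTarget(value, opts); return true; } catch { return false; }
}
```

Call `validateInetTarget(host)` before `inetLatency()` and `validateInetTarget(url, { allowUrl: true })` before `inetChecksite()`, and pass on only the returned value.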
Command Injection Vulnerability
Affected versions:
< 4.31.1
Date: 2020-12-11
CVE identifier CVE-2020-26274, CVE-2020-28448
Impact
It was possible to inject commands into the command line of your machine via systeminformation. Affected commands: inetLatency().
Patch
The problem was fixed with a shell string sanitization fix. Please upgrade to version >= 4.31.1.
Workaround
If you cannot upgrade, be sure to check or sanitize the service parameter strings that are passed to inetLatency().
Command Injection Vulnerability - prototype pollution
Affected versions:
< 4.30.5
Date: 2020-11-26
CVE identifier CVE-2020-26245
Impact
It was possible to inject commands into the command line by property pollution on the string object. Affected commands: inetChecksite().
Patch
The problem was fixed with a shell string sanitization fix as well as handling of prototype pollution. Please upgrade to version >= 4.30.5.
Workaround
If you cannot upgrade, be sure to check or sanitize the service parameter strings that are passed to inetChecksite().
Command Injection Vulnerability
Affected versions:
< 4.27.11
Date: 2020-10-26
CVE identifier CVE-2020-7752
Impact
It was possible to inject commands into the command line of your machine via systeminformation. Affected commands: inetChecksite().
Patch
The problem was fixed with a shell string sanitization fix. Please upgrade to version >= 4.27.11.
Workaround
If you cannot upgrade, be sure to check or sanitize the service parameter strings that are passed to inetChecksite().