OS Command Injection in Abode Systems iota All-In-One Security Kit
CVE-2022-29520

8.1HIGH

Key Information:

Vendor: Adobe
Status: Iota All-in-one Security Kit
Vendor: CVE Published:; 25 October 2022

Summary

An OS command injection vulnerability has been identified in the console_main_loop functionality of Abode Systems' iota All-In-One Security Kit 6.9Z. This flaw allows an attacker to execute arbitrary commands on the affected system by sending specially-crafted XML payloads. If successfully exploited, this vulnerability can compromise the security of the device, enabling unauthorized access and control. Users of this device are encouraged to follow best practices for security and keep their firmware updated.

Affected Version(s)

iota All-In-One Security Kit 6.9Z

References

https://talosintelligence.com/vulnerability_reports/TALOS...

CVSS V3.1

Score:

8.1

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Oct 25, 2022
Vulnerability Reserved
Jun 13, 2022