Format String Injection in Abode Systems Iota All-In-One Security Kit
CVE-2022-35244

9.8CRITICAL

Key Information:

Vendor: Adobe
Status: Iota All-in-one Security Kit
Vendor: CVE Published:; 25 October 2022

What is CVE-2022-35244?

A format string injection vulnerability exists in the XCMD getVarHA functionality of Abode Systems' Iota All-In-One Security Kit versions 6.9X and 6.9Z. By crafting a malicious XML payload, an attacker can exploit this vulnerability, potentially leading to memory corruption, information disclosure, and denial of service. It is crucial for users of affected products to assess their security measures and implement necessary updates.

Affected Version(s)

iota All-In-One Security Kit 6.9X

iota All-In-One Security Kit 6.9Z

References

https://talosintelligence.com/vulnerability_reports/TALOS...

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

CVSS V3.0

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Oct 25, 2022
Vulnerability Reserved
Jul 15, 2022

Adobe

What is CVE-2022-35244?

Affected Version(s)

References

CVSS V3.1

CVSS V3.0

Timeline