OS Command Injection in Sleuthkit's FLS Tool by The Sleuth Kit
CVE-2022-45639

7.8HIGH

Key Information:

Vendor: Sleuthkit
Status: The Sleuth Kit
Vendor: CVE Published:; 24 January 2023

What is CVE-2022-45639?

The Sleuth Kit's FLS tool version 4.11.1 is susceptible to an OS command injection vulnerability that allows attackers to execute arbitrary commands by supplying a crafted input to the 'm' parameter. While there is some debate regarding the exploitability of this vulnerability in user account contexts, potential risks associated with improper input handling warrant attention. It is crucial for users and administrators to be aware of possible exploitation pathways and implement mitigating measures.

References

http://www.binaryworld.it/

https://www.binaryworld.it/guidepoc.asp#CVE-2022-45639

http://packetstormsecurity.com/files/171649/Sleuthkit-4.1...

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jan 24, 2023
Vulnerability Reserved
Nov 21, 2022

CVE-2022-45639 Data

JSON