How severe is CVE-2022-37705?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 6.7 out of 10.

What type of vulnerability is CVE-2022-37705?

This is classified as CWE-88, which is a common weakness in software security.

CVE-2022-37705 - MEDIUM Severity | CVSS 6.7

Vulnerability Description

A privilege escalation flaw was found in Amanda 3.5.1 in which the backup user can acquire root privileges. The vulnerable component is the runtar SUID program, which is a wrapper to run /usr/bin/tar with specific arguments that are controllable by the attacker. This program mishandles the arguments passed to tar binary (it expects that the argument name and value are separated with a space; however, separating them with an equals sign is also supported),

Related Vulnerabilities

CVE-2020-27129

MEDIUM

CVSS:6.7(Medium)

A vulnerability in the remote management feature of Cisco SD-WAN vManage Software could allow an authenticated, local attacker to inject arbitrary commands and potentially gain elevated privileges. Th...

CWE-882020

CVE-2022-20930

MEDIUM

CVSS:6.7(Medium)

A vulnerability in the CLI of Cisco SD-WAN Software could allow an authenticated, local attacker to overwrite and possibly corrupt files on an affected system. This vulnerability is due to insufficien...

CWE-882022

CVE-2024-41710

MEDIUM

CVSS:6.8(Medium)

A vulnerability in the Mitel 6800 Series, 6900 Series, and 6900w Series SIP Phones, including the 6970 Conference Unit, through R6.4.0.HF1 (R6.4.0.136) could allow an authenticated attacker with admin...

CWE-882024

CVE-2024-41711

MEDIUM

CVSS:6.8(Medium)

A vulnerability in the Mitel 6800 Series, 6900 Series, and 6900w Series SIP Phones, including the 6970 Conference Unit, through R6.4.0.HF1 (R6.4.0.136) could allow an unauthenticated attacker with phy...

CWE-882024

CVE-2017-15694

MEDIUM

CVSS:6.5(Medium)

When an Apache Geode server versions 1.0.0 to 1.8.0 is operating in secure mode, a user with write permissions for specific data regions can modify internal cluster metadata. A malicious user could mo...

CWE-882017

CVE-2019-0764

MEDIUM

CVSS:6.5(Medium)

A tampering vulnerability exists when Microsoft browsers do not properly validate input under specific conditions, aka 'Microsoft Browsers Tampering Vulnerability'.

CWE-882019