Vulnerability — CVE-2022-31137

CVE-2022-31137

Reference to the description:: https://nvd.nist.gov/vuln/detail/CVE-2022-31137
Description:: Roxy-WI is a web interface for managing Haproxy, Nginx, Apache and Keepalived servers. Versions prior to 6.1.1.0 are subject to a remote code execution vulnerability. System commands can be run remotely via the subprocess_execute function without processing the inputs received from the user in the /app/options.py file. Attackers need not be authenticated to exploit this vulnerability. Users are advised to upgrade. There are no known workarounds for this vulnerability.
Last updated date:: 11/05/2022

ACTIVELY EXPLOITED

Type:: exploitation
Confidence:: HIGH
Date of publishing:: 12/21/2022
Reference url to background: https://www.microsoft.com/en-us/security/blog/2022/12/21/microsoft-research-uncovers-new-zerobot-capabilities/

Type:: exploit
Confidence:: HIGH
Date of publishing:: 07/25/2022
Reference url to background: https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/linux/http/roxy_wi_exec.rb

Type:: exploit
Confidence:: HIGH
Date of publishing:: 11/05/2022
Reference url to background: http://packetstormsecurity.com/files/167805/Roxy-WI-Remote-Command-Execution.html