The 1E-Exchange-CommandLinePing instruction that is part...
Critical severity
Unreviewed
Published
Nov 6, 2023
to the GitHub Advisory Database
•
Updated Sep 5, 2024
Description
Published by the National Vulnerability Database
Nov 6, 2023
Published to the GitHub Advisory Database
Nov 6, 2023
Last updated
Sep 5, 2024
The 1E-Exchange-CommandLinePing instruction that is part of the Network product pack available on the 1E Exchange does not properly validate the input parameter, which allows for a specially crafted input to perform arbitrary code execution with SYSTEM permissions.
To remediate this issue download the updated Network product pack from the 1E Exchange and update the 1E-Exchange-CommandLinePing instruction to v18.1 by uploading it through the 1E Platform instruction upload UI
References