HTTP: WWBN AVideo chunkFile Command Injection
This signature detects attempts to exploit a known vulnerability against WWBN AVideo. A successful attack can lead to command injection and arbitrary code execution.
Extended Description
An OS command injection vulnerability exists in the aVideoEncoder chunkfile functionality of WWBN AVideo 11.6 and dev master commit 3f7c0364. A specially-crafted HTTP request can lead to arbitrary command execution. An attacker can send an HTTP request to trigger this vulnerability.
Affected Products
Wwbn avideo
Short Name
HTTP:CTS:WWBN-AVIDEO-CMD-INJ
Severity
Major
Recommended
False
Recommended Action
Drop
Category
HTTP
Keywords
AVideo CVE-2022-30534 CVE-2022-32572 Command Injection WWBN chunkFile
Release Date
09/12/2022
Supported Platforms
srx-branch-12.3
srx-19.3
srx-branch-19.3
vsrx3bsd-19.2
srx-branch-19.4
vsrx-19.4
mx-12.3
mx-19.4
vmx-19.4
mx-19.3
vsrx3bsd-19.4
srx-19.4
vsrx-12.3
vmx-19.3
vsrx-19.2
srx-12.3
Sigpack Version
3590
False Positive
Unknown
Vendors
Wwbn