CVE-2022-24697: The designer function has a command injection vulnerability when overwriting system parameters in the configuration.
If you have one of these versions installed on your system, it is recommended to update as soon as possible. In case you haven’t installed Kylin yet, you can do it now by following our installation guide.

After updating, you need to edit the ‘conf’ parameter in the admin menu. You’ll get a list of parameters. Now, you need to change the ‘conf’ parameter with any operating system command. For example, you can change the parameter value to ‘id; /bin/bash -c’ or something similar. Then, you need to click ‘Save’ and ‘Close’ to save the configuration. After that, you need to visit the ‘conf’ parameter in the admin menu and click ‘Open’ to load the configuration. Now, copy the system command that you want to inject and paste it in the parameter field. Then, click ‘OK’ to save the configuration and execute the operating system command.

The Kylin operating system has a command injection vulnerability allowing an attacker to execute arbitrary code on the system. This vulnerability can be exploited by malicious persons to take control of the system.
Check for the Version of Kylin
If you have updated to the latest version of Kylin, then it is recommended that you update again.

The Kylin operating system has a command injection vulnerability allowing an attacker to execute arbitrary code on your system. This vulnerability can be exploited by malicious persons with administrator privileges on your system, or by users with physical access who gain administrative privileges through your computer's BIOS/UEFI settings or by other means of gaining control over your computer's hardware resources, such as memory contents, or network capabilities, such as WiFi or Ethernet card configurations.
Timeline
Published on: 10/13/2022 13:15:00 UTC
Last modified on: 10/17/2022 15:05:00 UTC