BusyBox through 1.35.0 allows remote attackers to execute arbitrary code if netstat is used to print a DNS PTR record's value to a VT compatible terminal. Alternatively, the attacker could choose to change the terminal's colors.

BusyBox through 1.35.0 allows remote attackers to execute arbitrary code if netstat is used to print a DNS PTR record's value to a VT compatible terminal. Alternatively, the attacker could choose to change the terminal's colors.

This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.

The version of busybox installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2022-28391 advisory.

  - BusyBox through 1.35.0 allows remote attackers to execute arbitrary code if netstat is used to print a DNS     PTR record's value to a VT compatible terminal. Alternatively, the attacker could choose to change the     terminal's colors. (CVE-2022-28391)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

According to the versions of the busybox package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities :

  - BusyBox through 1.35.0 allows remote attackers to execute arbitrary code if netstat is used to print a DNS     PTR record's value to a VT compatible terminal. Alternatively, the attacker could choose to change the     terminal's colors. (CVE-2022-28391)

Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

The version of busybox installed on the remote host is prior to 1.34.1-1.14. It is, therefore, affected by a vulnerability as referenced in the ALAS-2022-1608 advisory.

    An escape sequence injection attack was found in BusyBox on Alpine. For this issue to occur, a remote     host's virtual terminal must contain an escape sequence, and the victim must then execute netstat. This     flaw allows an attacker can inject arbitrary code, leading to a loss of integrity. (CVE-2022-28391)

Tenable has extracted the preceding description block directly from the tested product security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

ID	Name	Product	Family	Severity
502976	Siemens SIMATIC S7-1500 TM MFP BIOS Missing Encryption of Sensitive Data (CVE-2022-28391)	Tenable OT Security	Tenable.ot	high
172995	CBL Mariner 2.0 Security Update: busybox (CVE-2022-28391)	Nessus	MarinerOS Local Security Checks	high
163562	EulerOS 2.0 SP10 : busybox (EulerOS-SA-2022-2151)	Nessus	Huawei Local Security Checks	high
163531	EulerOS 2.0 SP10 : busybox (EulerOS-SA-2022-2126)	Nessus	Huawei Local Security Checks	high
162902	EulerOS 2.0 SP9 : busybox (EulerOS-SA-2022-1988)	Nessus	Huawei Local Security Checks	high
162885	EulerOS 2.0 SP9 : busybox (EulerOS-SA-2022-1958)	Nessus	Huawei Local Security Checks	high
162836	Amazon Linux AMI : busybox (ALAS-2022-1608)	Nessus	Amazon Linux Local Security Checks	high

Detections

Analytics

CVE-2022-28391

high

Tenable Plugins

high

high

high

high

high

high

high