An OS command injection vulnerability exists due to insufficient
sanitization of user-supplied input. The application accepts parameters
that are later incorporated into OS commands without adequate
validation. This could allow an unauthenticated attacker to execute
arbitrary commands remotely.
Credits
Nir Tepper and Noam Moshe of Claroty Team82 reported these vulnerabilities to CISA.
