CVE-2022-23992

CRITICAL

XCOM Data Transport 11.6 - Remote Code Execution via Insufficient Input Validation

Title source: llm

Description

XCOM Data Transport for Windows, Linux, and UNIX 11.6 releases contain a vulnerability due to insufficient input validation that could potentially allow remote attackers to execute arbitrary commands with elevated privileges.

References (1)

Core 1

Core References

Permissions Required, Vendor Advisory x_refsource_misc

https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/XCOM-Data-Transport---Windows-and-XCOM-Data-Transport--Linux--UNIX-Vulnerability-CVE-2022-23992/18750

Scores

CVSS v3 9.8

EPSS 0.0169

EPSS Percentile 82.5%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE

CWE-20

Status published

Products (1)

broadcom/xcom_data_transport 11.6 (3 CPE variants)

Published Feb 14, 2022

Tracked Since Feb 18, 2026