CVE-2022-30284
CRITICALpython-libnmap < 0.7.2 - Remote Code Execution via NmapProcess Argument Injection
Title source: llmDescription
In the python-libnmap package through 0.7.2 for Python, remote command execution can occur (if used in a client application that does not validate arguments). NOTE: the vendor believes it would be unrealistic for an application to call NmapProcess with arguments taken from input data that arrived over an untrusted network, and thus the CVSS score corresponds to an unrealistic use case. None of the NmapProcess documentation implies that this is an expected use case
References (4)
Core 4
Core References
Product, Third Party Advisory x_refsource_misc
https://pypi.org/project/python-libnmap/
Exploit, Mitigation, Third Party Advisory x_refsource_misc
https://www.swascan.com/security-advisory-libnmap-2/
Release Notes, Third Party Advisory x_refsource_misc
https://github.com/savon-noir/python-libnmap/releases
Exploit, Third Party Advisory x_refsource_misc
https://libnmap.readthedocs.io/en/latest/process.html#using-libnmap-process
Scores
CVSS v3
9.0
EPSS
0.0463
EPSS Percentile
90.5%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H
CISA SSVC
Vulnrichment
Exploitation
poc
Automatable
yes
Technical Impact
total
Details
CWE
CWE-88
Status
published
Products (2)
pypi/python-libnmap
0 - 0.7.3PyPI
python-libnmap_project/python-libnmap
< 0.7.2
Published
May 04, 2022
Tracked Since
Feb 18, 2026