Lucene search

MitreCVE-2022-25569

HistoryApr 04, 2022 - 6:15 p.m.

CVE-2022-25569

2022-04-0418:15:08

CWE-798

mitre

web.nvd.nist.gov

cve-2022-25569

bettini srl

gams product line

ssh keys

security vulnerability

unauthenticated login

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

9.4

Confidence

High

EPSS

0.004

Percentile

73.2%

JSON

Bettini Srl GAMS Product Line v4.3.0 was discovered to re-use static SSH keys across installations, allowing unauthenticated attackers to login as root users via extracting a key from the software.

Affected configurations

Nvd

Node

bettinivideosgsetupMatch4.3.0

VendorProductVersionCPE
bettinivideosgsetup4.3.0cpe:2.3:a:bettinivideo:sgsetup:4.3.0:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
bettinivideo	sgsetup	4.3.0	cpe:2.3:a:bettinivideo:sgsetup:4.3.0:::::::*

References

www.andreabruschi.net/2022/02/17/bettini-s-r-l-sgsetup-hard-coded-ssh-private-key/

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

9.4

Confidence

High

EPSS

0.004

Percentile

73.2%

JSON

Related for CVE-2022-25569