Lucene search

[email protected]CVE-2022-3088

HistoryNov 28, 2022 - 10:15 p.m.

CVE-2022-3088

2022-11-2822:15:10

CWE-250

CWE-269

[email protected]

web.nvd.nist.gov

cve-2022-3088

moxa

arm

computers

execution vulnerability

unnecessary privileges

nvd

security

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

7.8 High

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

10.6%

JSON

UC-8100A-ME-T System Image: Versions v1.0 to v1.6, UC-2100 System Image: Versions v1.0 to v1.12, UC-2100-W System Image: Versions v1.0 to v 1.12, UC-3100 System Image: Versions v1.0 to v1.6, UC-5100 System Image: Versions v1.0 to v1.4, UC-8100 System Image: Versions v3.0 to v3.5, UC-8100-ME-T System Image: Versions v3.0 and v3.1, UC-8200 System Image: v1.0 to v1.5, AIG-300 System Image: v1.0 to v1.4, UC-8410A with Debian 9 System Image: Versions v4.0.2 and v4.1.2, UC-8580 with Debian 9 System Image: Versions v2.0 and v2.1, UC-8540 with Debian 9 System Image: Versions v2.0 and v2.1, and DA-662C-16-LX (GLB) System Image: Versions v1.0.2 to v1.1.2 of Moxa’s ARM-based computers have an execution with unnecessary privileges vulnerability, which could allow an attacker with user-level privileges to gain root privileges.

Affected configurations

NVD

Node

moxauc-2101-lx_firmwareRange1.0–1.12

AND

moxauc-2101-lxMatch-

Node

moxauc-2102-lx_firmwareRange1.0–1.2

AND

moxauc-2102-lxMatch-

Node

moxauc-2104-lx_firmwareRange1.0–1.2

AND

moxauc-2104-lxMatch-

Node

moxauc-2111-lx_firmwareRange1.0–1.2

AND

moxauc-2111-lxMatch-

Node

moxauc-2112-lx_firmwareRange1.0–1.2

AND

moxauc-2112-lxMatch-

Node

moxauc-2102-t-lx_firmwareRange1.0–1.2

AND

moxauc-2102-t-lxMatch-

Node

moxauc-2114-t-lx_firmwareRange1.0–1.2

AND

moxauc-2114-t-lxMatch-

Node

moxauc-2116-t-lx_firmwareRange1.0–1.2

AND

moxauc-2116-t-lxMatch-

Node

moxauc-3101-t-us-lx_firmwareRange1.0–1.6

AND

moxauc-3101-t-us-lxMatch-

Node

moxauc-3101-t-eu-lx_firmwareRange1.0–1.6

AND

moxauc-3101-t-eu-lxMatch-

Node

moxauc-3111-t-us-lx_firmwareRange1.0–1.6

AND

moxauc-3111-t-us-lxMatch-

Node

moxauc-3111-t-eu-lx_firmwareRange1.0–1.6

AND

moxauc-3111-t-eu-lxMatch-

Node

moxauc-3121-t-us-lx_firmwareRange1.0–1.6

AND

moxauc-3121-t-us-lxMatch-

Node

moxauc-3121-t-eu-lx_firmwareRange1.0–1.6

AND

moxauc-3121-t-eu-lxMatch-

Node

moxauc-3101-t-ap-lx_firmwareRange1.0–1.6

AND

moxauc-3101-t-ap-lxMatch-

Node

moxauc-3111-t-ap-lx_firmwareRange1.0–1.6

AND

moxauc-3111-t-ap-lxMatch-

Node

moxauc-3121-t-ap-lx_firmwareRange1.0–1.6

AND

moxauc-3121-t-ap-lxMatch-

Node

moxauc-3111-t-eu-lx-nw_firmwareRange1.0–1.6

AND

moxauc-3111-t-eu-lx-nwMatch-

Node

moxauc-3111-t-ap-lx-nw_firmwareRange1.0–1.6

AND

moxauc-3111-t-ap-lx-nwMatch-

Node

moxauc-3111-t-us-lx-nw_firmwareRange1.0–1.6

AND

moxauc-3111-t-us-lx-nwMatch-

Node

moxauc-5101-lx_firmwareRange1.0–1.4

AND

moxauc-5101-lxMatch-

Node

moxauc-5101-t-lx_firmwareRange1.0–1.4

AND

moxauc-5101-t-lxMatch-

Node

moxauc-5102-lx_firmwareRange1.0–1.4

AND

moxauc-5102-lxMatch-

Node

moxauc-5102-t-lx_firmwareRange1.0–1.4

AND

moxauc-5102-t-lxMatch-

Node

moxauc-5111-lx_firmwareRange1.0–1.4

AND

moxauc-5111-lxMatch-

Node

moxauc-5111-t-lx_firmwareRange1.0–1.4

AND

moxauc-5111-t-lxMatch-

Node

moxauc-5112-lx_firmwareRange1.0–1.4

AND

moxauc-5112-lxMatch-

Node

moxauc-5112-t-lx_firmwareRange1.0–1.4

AND

moxauc-5112-t-lxMatch-

Node

moxauc-8131-lx_firmwareRange3.0–3.5

AND

moxauc-8131-lxMatch-

Node

moxauc-8132-lx_firmwareRange3.0–3.5

AND

moxauc-8132-lxMatch-

Node

moxauc-8162-lx_firmwareRange3.0–3.5

AND

moxauc-8162-lxMatch-

Node

moxauc-8112-lx_firmwareRange3.0–3.5

AND

moxauc-8112-lxMatch-

Node

moxauc-8112-me-t-lx1_firmwareMatch3.0

moxauc-8112-me-t-lx1_firmwareMatch3.1

AND

moxauc-8112-me-t-lx1Match-

Node

moxauc-8112-me-t-lx_firmwareMatch3.0

moxauc-8112-me-t-lx_firmwareMatch3.1

AND

moxauc-8112-me-t-lxMatch-

Node

moxauc-8112a-me-t-lx_firmwareRange1.0–1.6

AND

moxauc-8112a-me-t-lxMatch-

Node

moxauc-8220-t-lx-s_firmwareRange1.0–1.5

AND

moxauc-8220-t-lx-sMatch-

Node

moxauc-8220-t-lx_firmwareRange1.0–1.5

AND

moxauc-8220-t-lxMatch-

Node

moxauc-8220-t-lx-us-s_firmwareRange1.0–1.5

AND

moxauc-8220-t-lx-us-sMatch-

Node

moxauc-8220-t-lx-eu-s_firmwareRange1.0–1.5

AND

moxauc-8220-t-lx-eu-sMatch-

Node

moxauc-8220-t-lx-ap-s_firmwareRange1.0–1.5

AND

moxauc-8220-t-lx-ap-sMatch-

Node

moxaaig-301-t-us-azu-lx_firmwareRange1.0–1.4

AND

moxaaig-301-t-us-azu-lxMatch-

Node

moxaaig-301-t-eu-azu-lx_firmwareRange1.0–1.4

AND

moxaaig-301-t-eu-azu-lxMatch-

Node

moxaaig-301-t-ap-azu-lx_firmwareRange1.0–1.4

AND

moxaaig-301-t-ap-azu-lxMatch-

Node

moxaaig-301-t-cn-azu-lx_firmwareRange1.0–1.4

AND

moxaaig-301-t-cn-azu-lxMatch-

Node

moxaaig-301-t-azu-lx_firmwareRange1.0–1.4

AND

moxaaig-301-t-azu-lxMatch-

Node

moxaaig-301-azu-lx_firmwareRange1.0–1.4

AND

moxaaig-301-azu-lxMatch-

Node

moxaaig-301-us-azu-lx_firmwareRange1.0–1.4

AND

moxaaig-301-us-azu-lxMatch-

Node

moxaaig-301-eu-azu-lx_firmwareRange1.0–1.4

AND

moxaaig-301-eu-azu-lxMatch-

Node

moxaaig-301-ap-azu-lx_firmwareRange1.0–1.4

AND

moxaaig-301-ap-azu-lxMatch-

Node

moxaaig-301-cn-azu-lx_firmwareRange1.0–1.4

AND

moxaaig-301-cn-azu-lxMatch-

Node

moxauc-8410a-lx_firmwareRange4.0.2–4.1.2

AND

moxauc-8410a-lxMatch-

debiandebian_linuxMatch9.0

Node

moxauc-8410a-t-lx_firmwareRange4.0.2–4.1.2

AND

moxauc-8410a-t-lxMatch-

debiandebian_linuxMatch9.0

Node

moxauc-8410a-nw-lx_firmwareRange4.0.2–4.1.2

AND

moxauc-8410a-nw-lxMatch-

debiandebian_linuxMatch9.0

Node

moxauc-8410a-nw-t-lx_firmwareRange4.0.2–4.1.2

AND

moxauc-8410a-nw-t-lxMatch-

debiandebian_linuxMatch9.0

Node

moxauc-8580-lx_firmwareMatch2.0

moxauc-8580-lx_firmwareMatch2.1

AND

moxauc-8580-lxMatch-

debiandebian_linuxMatch9.0

Node

moxauc-8580-t-lx_firmwareMatch2.0

moxauc-8580-t-lx_firmwareMatch2.1

AND

moxauc-8580-t-lxMatch-

debiandebian_linuxMatch9.0

Node

moxauc-8580-t-ct-lx_firmwareMatch2.0

moxauc-8580-t-ct-lx_firmwareMatch2.1

AND

moxauc-8580-t-ct-lxMatch-

debiandebian_linuxMatch9.0

Node

moxauc-8580-q-lx_firmwareMatch2.0

moxauc-8580-q-lx_firmwareMatch2.1

AND

moxauc-8580-q-lxMatch-

debiandebian_linuxMatch9.0

Node

moxauc-8580-t-q-lx_firmwareMatch2.0

moxauc-8580-t-q-lx_firmwareMatch2.1

AND

moxauc-8580-t-q-lxMatch-

debiandebian_linuxMatch9.0

Node

moxauc-8580-t-ct-q-lx_firmwareMatch2.0

moxauc-8580-t-ct-q-lx_firmwareMatch2.1

AND

moxauc-8580-t-ct-q-lxMatch-

debiandebian_linuxMatch9.0

Node

moxauc-8540-lx_firmwareMatch2.0

moxauc-8540-lx_firmwareMatch2.1

AND

moxauc-8540-lxMatch-

debiandebian_linuxMatch9.0

Node

moxauc-8540-t-lx_firmwareMatch2.0

moxauc-8540-t-lx_firmwareMatch2.1

AND

moxauc-8540-t-lxMatch-

debiandebian_linuxMatch9.0

Node

moxauc-8540-t-ct-lx_firmwareMatch2.0

moxauc-8540-t-ct-lx_firmwareMatch2.1

AND

moxauc-8540-t-ct-lxMatch-

debiandebian_linuxMatch9.0

Node

moxada-662c-16-lx_firmwareRange1.0.2–1.1.2

AND

moxada-662c-16-lxMatch-

CPENameOperatorVersion
moxa:uc-2101-lx_firmwaremoxa uc-2101-lx firmwarele1.12

CPE	Name	Operator	Version
moxa:uc-2101-lx_firmware	moxa uc-2101-lx firmware	le	1.12

CNA Affected

[
  {
    "vendor": "Moxa",
    "product": "UC-8100A-ME-T System Imaage",
    "versions": [
      {
        "version": "1.0",
        "status": "affected",
        "lessThanOrEqual": "1.6",
        "versionType": "custom"
      }
    ]
  },
  {
    "vendor": "Moxa",
    "product": "UC-2100 System Image",
    "versions": [
      {
        "version": "1.0",
        "status": "affected",
        "lessThanOrEqual": "1.12",
        "versionType": "custom"
      }
    ]
  },
  {
    "vendor": "Moxa",
    "product": "UC-2100-W System Image",
    "versions": [
      {
        "version": "1.0",
        "status": "affected",
        "lessThanOrEqual": "1.12",
        "versionType": "custom"
      }
    ]
  },
  {
    "vendor": "Moxa",
    "product": "UC-3100 System Image",
    "versions": [
      {
        "version": "1.0",
        "status": "affected",
        "lessThanOrEqual": "1.6",
        "versionType": "custom"
      }
    ]
  },
  {
    "vendor": "Moxa",
    "product": "UC-5100 System Image",
    "versions": [
      {
        "version": "1.0",
        "status": "affected",
        "lessThanOrEqual": "1.4",
        "versionType": "custom"
      }
    ]
  },
  {
    "vendor": "Moxa",
    "product": "UC-8100 System Image",
    "versions": [
      {
        "version": "3.0",
        "status": "affected",
        "lessThanOrEqual": "3.5",
        "versionType": "custom"
      }
    ]
  },
  {
    "vendor": "Moxa",
    "product": "UC-8100-ME-T System Image",
    "versions": [
      {
        "version": "3.0",
        "status": "affected",
        "lessThanOrEqual": "3.1",
        "versionType": "custom"
      }
    ]
  },
  {
    "vendor": "Moxa",
    "product": "UC-8200 System Image",
    "versions": [
      {
        "version": "1.0",
        "status": "affected",
        "lessThanOrEqual": "1.5",
        "versionType": "custom"
      }
    ]
  },
  {
    "vendor": "Moxa",
    "product": "AIG-300 System Image",
    "versions": [
      {
        "version": "1.0",
        "status": "affected",
        "lessThanOrEqual": "1.4",
        "versionType": "custom"
      }
    ]
  },
  {
    "vendor": "Moxa",
    "product": "UC-8410A with Debian 9 System Image",
    "versions": [
      {
        "version": "4.0.2 and 4.1.2",
        "status": "affected"
      }
    ]
  },
  {
    "vendor": "Moxa",
    "product": "UC-8580 with Debian 9 System Image",
    "versions": [
      {
        "version": "2.0 and 2.1",
        "status": "affected"
      }
    ]
  },
  {
    "vendor": "Moxa",
    "product": "UC-8540 with Debian 9 System Image",
    "versions": [
      {
        "version": "2.0 and 2.1",
        "status": "affected"
      }
    ]
  },
  {
    "vendor": "Moxa",
    "product": "DA-662C-16-LX (GLB) System Image",
    "versions": [
      {
        "version": "1.0.2",
        "status": "affected",
        "lessThanOrEqual": "1.1.2",
        "versionType": "custom"
      }
    ]
  }
]