Lucene search

[email protected]CVE-2022-32985

HistoryJul 17, 2022 - 11:15 p.m.

CVE-2022-32985

2022-07-1723:15:09

CWE-798

[email protected]

web.nvd.nist.gov

cve-2022-32985

nexans ftto gigaswitch

security vulnerability

ssh backdoor

port 50200

port 50201

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9.2 High

AI Score

Confidence

High

0.003 Low

EPSS

Percentile

70.0%

JSON

libnx_apl.so on Nexans FTTO GigaSwitch before 6.02N and 7.x before 7.02 implements a Backdoor Account for SSH logins on port 50200 or 50201.

Affected configurations

NVD

Node

nexansgigaswitch_641_desk_v5_sfp-vi_firmwareRange<6.02n

nexansgigaswitch_641_desk_v5_sfp-vi_firmwareRange7.0–7.02

AND

nexansgigaswitch_641_desk_v5_sfp-viMatch-

Node

nexansgigaswitch_642_desk_v5_sfp-2vi_firmwareRange<6.02n

nexansgigaswitch_642_desk_v5_sfp-2vi_firmwareRange7.0–7.02

AND

nexansgigaswitch_642_desk_v5_sfp-2viMatch-

Node

nexansgigaswitch_v5_2tp\(pd-f\+\)_sfp-vi_54vdc_firmwareRange<6.02n

nexansgigaswitch_v5_2tp\(pd-f\+\)_sfp-vi_54vdc_firmwareRange7.0–7.02

AND

nexansgigaswitch_v5_2tp\(pd-f\+\)_sfp-vi_54vdcMatch-

Node

nexansgigaswitch_v5_2tp\(pse\+\)_sfp-vi_54vdc_firmwareRange<6.02n

nexansgigaswitch_v5_2tp\(pse\+\)_sfp-vi_54vdc_firmwareRange7.0–7.02

AND

nexansgigaswitch_v5_2tp\(pse\+\)_sfp-vi_54vdcMatch-

Node

nexansgigaswitch_v5_2tp_sfp-vi_54vdc_firmwareRange<6.02n

nexansgigaswitch_v5_2tp_sfp-vi_54vdc_firmwareRange7.0–7.02

AND

nexansgigaswitch_v5_2tp_sfp-vi_54vdcMatch-

Node

nexansgigaswitch_v5_sfp-2vi_230vac_firmwareRange<6.02n

nexansgigaswitch_v5_sfp-2vi_230vac_firmwareRange7.0–7.02

AND

nexansgigaswitch_v5_sfp-2vi_230vacMatch-

Node

nexansgigaswitch_v5_tp\(pse\+\)_sfp-2vi_54vdc_firmwareRange<6.02n

nexansgigaswitch_v5_tp\(pse\+\)_sfp-2vi_54vdc_firmwareRange7.0–7.02

AND

nexansgigaswitch_v5_tp\(pse\+\)_sfp-2vi_54vdcMatch-

Node

nexansgigaswitch_v5_tp\(pse\+\)_sfp-2vi_54vdc_ind_firmwareRange<6.02n

nexansgigaswitch_v5_tp\(pse\+\)_sfp-2vi_54vdc_ind_firmwareRange7.0–7.02

AND

nexansgigaswitch_v5_tp\(pse\+\)_sfp-2vi_54vdc_indMatch-

Node

nexansgigaswitch_v5_tp\(pse\+\)_sfp-2vi_54vdc_med_firmwareRange<6.02n

nexansgigaswitch_v5_tp\(pse\+\)_sfp-2vi_54vdc_med_firmwareRange7.0–7.02

AND

nexansgigaswitch_v5_tp\(pse\+\)_sfp-2vi_54vdc_medMatch-

Node

nexansgigaswitch_v5_tp_sfp-2vi_54vdc_firmwareRange<6.02n

nexansgigaswitch_v5_tp_sfp-2vi_54vdc_firmwareRange7.0–7.02

AND

nexansgigaswitch_v5_tp_sfp-2vi_54vdcMatch-

Node

nexansgigaswitch_v5_tp_sfp-2vi_54vdc_ind_firmwareRange<6.02n

nexansgigaswitch_v5_tp_sfp-2vi_54vdc_ind_firmwareRange7.0–7.02

AND

nexansgigaswitch_v5_tp_sfp-2vi_54vdc_indMatch-

Node

nexansgigaswitch_v5_tp_sfp-2vi_54vdc_med_firmwareRange<6.02n

nexansgigaswitch_v5_tp_sfp-2vi_54vdc_med_firmwareRange7.0–7.02

AND

nexansgigaswitch_v5_tp_sfp-2vi_54vdc_medMatch-

Node

nexansgigaswitch_v5_tp_sfp-vi_230vac_firmwareRange<6.02n

nexansgigaswitch_v5_tp_sfp-vi_230vac_firmwareRange7.0–7.02

AND

nexansgigaswitch_v5_tp_sfp-vi_230vacMatch-

CPENameOperatorVersion
nexans:gigaswitch_641_desk_v5_sfp-vi_firmwarenexans gigaswitch 641 desk v5 sfp-vi firmwarelt6.02n
nexans:gigaswitch_641_desk_v5_sfp-vi_firmwarenexans gigaswitch 641 desk v5 sfp-vi firmwarelt7.02

CPE	Name	Operator	Version
nexans:gigaswitch_641_desk_v5_sfp-vi_firmware	nexans gigaswitch 641 desk v5 sfp-vi firmware	lt	6.02n
nexans:gigaswitch_641_desk_v5_sfp-vi_firmware	nexans gigaswitch 641 desk v5 sfp-vi firmware	lt	7.02