Lucene search

[email protected]CVE-2022-38124

HistoryDec 13, 2022 - 2:15 p.m.

CVE-2022-38124

2022-12-1314:15:09

CWE-267

CWE-269

[email protected]

web.nvd.nist.gov

cve-2022-38124

debug tool

secomea sitemanager

system state modification

nvd

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H

6.4 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

31.7%

JSON

Debug tool in Secomea SiteManager allows logged-in administrator to modify system state in an unintended manner.

Affected configurations

NVD

Node

secomeasitemanager_1129_firmwareRange<10.0.622425017

AND

secomeasitemanager_1129Match-

Node

secomeasitemanager_3329_firmwareRange<10.0.622425017

AND

secomeasitemanager_3329Match-

Node

secomeasitemanager_1529_firmwareRange<10.0.622425017

AND

secomeasitemanager_1529Match-

Node

secomeasitemanager_3529_firmwareRange<10.0.622425017

AND

secomeasitemanager_3529Match-

Node

secomeasitemanager_1139_firmwareRange<10.0.622425017

AND

secomeasitemanager_1139Match-

Node

secomeasitemanager_3339_firmwareRange<10.0.622425017

AND

secomeasitemanager_3339Match-

Node

secomeasitemanager_1539_firmwareRange<10.0.622425017

AND

secomeasitemanager_1539Match-

Node

secomeasitemanager_3539_firmwareRange<10.0.622425017

AND

secomeasitemanager_3539Match-

Node

secomeasitemanager_1149_firmwareRange<10.0.622425017

AND

secomeasitemanager_1149Match-

Node

secomeasitemanager_3349_firmwareRange<10.0.622425017

AND

secomeasitemanager_3349Match-

Node

secomeasitemanager_1549_firmwareRange<10.0.622425017

AND

secomeasitemanager_1549Match-

Node

secomeasitemanager_3549_firmwareRange<10.0.622425017

AND

secomeasitemanager_3549Match-

CPENameOperatorVersion
secomea:sitemanager_1129_firmwaresecomea sitemanager 1129 firmwarelt10.0.622425017

CPE	Name	Operator	Version
secomea:sitemanager_1129_firmware	secomea sitemanager 1129 firmware	lt	10.0.622425017

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "SiteManager",
    "vendor": "Secomea",
    "versions": [
      {
        "lessThanOrEqual": "10.0.622425017",
        "status": "affected",
        "version": "0",
        "versionType": "\"custom\""
      }
    ]
  }
]

References

www.secomea.com/support/cybersecurity-advisory/

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H

6.4 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

31.7%

JSON

Related for CVE-2022-38124

cvelist1 prion1 nvd1