CVE-2022-40022

2023-02-1315:15:15

CWE-77

mitre

web.nvd.nist.gov

cve-2022-40022

microchip technology

microsemi

syncserver s650

command injection

vulnerability

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS

0.822

Percentile

98.5%

JSON

Microchip Technology (Microsemi) SyncServer S650 was discovered to contain a command injection vulnerability.

Affected configurations

Nvd

Node

microchipsyncserver_s650Match-

AND

microchipsyncserver_s650_firmwareMatch-

VendorProductVersionCPE
microchipsyncserver_s650-cpe:2.3:h:microchip:syncserver_s650:-:*:*:*:*:*:*:*
microchipsyncserver_s650_firmware-cpe:2.3:o:microchip:syncserver_s650_firmware:-:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
microchip	syncserver_s650	-	cpe:2.3:h:microchip:syncserver_s650:-:::::::*
microchip	syncserver_s650_firmware	-	cpe:2.3:o:microchip:syncserver_s650_firmware:-:::::::*

References

packetstormsecurity.com/files/172907/Symmetricom-SyncServer-Unauthenticated-Remote-Command-Execution.html

www.microsemi.com/campaigns/network-time-servers/S650p/%3Fgd%3D1&id=5&gclid=Cj0KCQjwjbyYBhCdARIsAArC6LL-202ej5YfDB5lMIMSZ2735qjo5yaj2i-PrvLv2Cnh_kIJtFJ0oF8aAlMpEALw_wcB

www.microsemi.com/campaigns/network-time-servers/syncserver-s600/?url=

www.microsemi.com/document-portal/doc_download/135737-datasheet-syncserver-s650

www.securifera.com/advisories/CVE-2022-40022/