Lucene search

[email protected]CVE-2022-45431

HistoryDec 27, 2022 - 6:15 p.m.

CVE-2022-45431

2022-12-2718:15:10

[email protected]

web.nvd.nist.gov

cve-2022-45431

dahua

remote dss server

unauthenticated restart

vulnerability

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

7.5 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

42.2%

JSON

Some Dahua software products have a vulnerability of unauthenticated restart of remote DSS Server. After bypassing the firewall access control policy, by sending a specific crafted packet to the vulnerable interface, an attacker could unauthenticated restart of remote DSS Server.

Affected configurations

NVD

Node

dahuasecuritydhi-dss7016d-s2_firmwareMatch1.001.0000001.2

dahuasecuritydhi-dss7016d-s2_firmwareMatch8.0.2

dahuasecuritydhi-dss7016d-s2_firmwareMatch8.0.4

dahuasecuritydhi-dss7016d-s2_firmwareMatch8.1

AND

dahuasecuritydhi-dss7016d-s2Match-

Node

dahuasecuritydhi-dss7016dr-s2_firmwareMatch1.001.0000001.2

dahuasecuritydhi-dss7016dr-s2_firmwareMatch8.0.2

dahuasecuritydhi-dss7016dr-s2_firmwareMatch8.0.4

dahuasecuritydhi-dss7016dr-s2_firmwareMatch8.1

AND

dahuasecuritydhi-dss7016dr-s2Match-

Node

dahuasecuritydhi-dss4004-s2_firmwareMatch1.001.0000001.2

dahuasecuritydhi-dss4004-s2_firmwareMatch8.0.2

dahuasecuritydhi-dss4004-s2_firmwareMatch8.0.4

dahuasecuritydhi-dss4004-s2_firmwareMatch8.1

AND

dahuasecuritydhi-dss4004-s2Match-

Node

dahuasecuritydss_expressMatch7.002.1760000.2

dahuasecuritydss_expressMatch8.0.2

dahuasecuritydss_expressMatch8.0.4

dahuasecuritydss_expressMatch8.1

dahuasecuritydss_expressMatch8.1.1

dahuasecuritydss_professionalMatch7.002.1760000.2

dahuasecuritydss_professionalMatch8.0.2

dahuasecuritydss_professionalMatch8.0.4

dahuasecuritydss_professionalMatch8.1

dahuasecuritydss_professionalMatch8.1.1

AND

linuxlinux_kernelMatch-

CPENameOperatorVersion
dahuasecurity:dhi-dss7016d-s2_firmwaredahuasecurity dhi-dss7016d-s2 firmwareeq1.001.0000001.2
dahuasecurity:dhi-dss7016d-s2_firmwaredahuasecurity dhi-dss7016d-s2 firmwareeq8.0.2
dahuasecurity:dhi-dss7016d-s2_firmwaredahuasecurity dhi-dss7016d-s2 firmwareeq8.0.4
dahuasecurity:dhi-dss7016d-s2_firmwaredahuasecurity dhi-dss7016d-s2 firmwareeq8.1

CPE	Name	Operator	Version
dahuasecurity:dhi-dss7016d-s2_firmware	dahuasecurity dhi-dss7016d-s2 firmware	eq	1.001.0000001.2
dahuasecurity:dhi-dss7016d-s2_firmware	dahuasecurity dhi-dss7016d-s2 firmware	eq	8.0.2
dahuasecurity:dhi-dss7016d-s2_firmware	dahuasecurity dhi-dss7016d-s2 firmware	eq	8.0.4
dahuasecurity:dhi-dss7016d-s2_firmware	dahuasecurity dhi-dss7016d-s2 firmware	eq	8.1

CNA Affected

[
  {
    "vendor": "n/a",
    "product": "DSS Professional, DSS Express, DHI-DSS7016D-S2/DHI-DSS7016DR-S2, DHI-DSS4004-S2",
    "versions": [
      {
        "version": "V8.0.2, V8.0.4, V8.1",
        "status": "affected"
      }
    ]
  }
]

References

www.dahuasecurity.com/support/cybersecurity/details/1137

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

7.5 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

42.2%

JSON

Related for CVE-2022-45431

nvd1 prion1 cvelist1