Lucene search

BitdefenderCVELIST:CVE-2022-1400

HistoryAug 16, 2022 - 11:25 p.m.

CVE-2022-1400 Hardcoded encryption key IV in Exago WebReportsApi.dll

2022-08-1623:25:12

CWE-321

Bitdefender

www.cve.org

cve-2022-1400

hardcoded encryption key

exago webreportsapi.dll

web reports

device42 asset management appliance

leak session ids

elevate privileges

device42 cmdb versions prior to 18.01.00

CVSS3

7.1

Attack Vector

ADJACENT

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

LOW

CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:L

AI Score

9.5

Confidence

High

EPSS

0.002

Percentile

58.3%

JSON

Use of Hard-coded Cryptographic Key vulnerability in the WebReportsApi.dll of Exago Web Reports, as used in the Device42 Asset Management Appliance, allows an attacker to leak session IDs and elevate privileges. This issue affects: Device42 CMDB versions prior to 18.01.00.

CNA Affected

[
  {
    "product": "CMDB",
    "vendor": "Device42",
    "versions": [
      {
        "lessThan": "18.01.00",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      }
    ]
  }
]

References

www.bitdefender.com/blog/labs/a-red-team-perspective-on-the-device42-asset-management-appliance/

CVSS3

7.1

Attack Vector

ADJACENT

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

LOW

CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:L

AI Score

9.5

Confidence

High

EPSS

0.002

Percentile

58.3%

JSON

Related for CVELIST:CVE-2022-1400