Lucene search

HuaweiCVELIST:CVE-2022-48615

HistoryDec 12, 2023 - 7:23 a.m.

CVE-2022-48615

2023-12-1207:23:07

CWE-284

huawei

www.cve.org

huawei

access control

vulnerability

datacom

device information

4.8 Medium

CVSS3

Attack Vector

ADJACENT

Attack Complexity

HIGH

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:A/AC:H/PR:H/UI:N/S:U/C:L/I:H/A:N

6.8 Medium

AI Score

Confidence

High

0.0005 Low

EPSS

Percentile

16.0%

JSON

An improper access control vulnerability exists in a Huawei datacom product. Attackers can exploit this vulnerability to obtain partial device information.

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "AR6000",
    "vendor": "Huawei",
    "versions": [
      {
        "status": "affected",
        "version": "V300R019C10SPC300"
      }
    ]
  }
]

References

wr3nchsr.github.io/huawei-netengine-ar617vw-auth-root-rce/

4.8 Medium

CVSS3

Attack Vector

ADJACENT

Attack Complexity

HIGH

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:A/AC:H/PR:H/UI:N/S:U/C:L/I:H/A:N

6.8 Medium

AI Score

Confidence

High

0.0005 Low

EPSS

Percentile

16.0%

JSON

Related for CVELIST:CVE-2022-48615