NVD:CVE-2022-1318
Apr 20, 2022 - 4:15 p.m.

CVE-2022-1318

2022-04-20 16:15:08
CWE-326
CWE-203
web.nvd.nist.gov
5
hills comnav
weak communication
local network
configuration pages
predictable packets
traffic observation
encryption scheme.

CVSS2: 2.1
Attack Vector: LOCAL
Attack Complexity: LOW
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: NONE
Availability Impact: NONE
Vector: AV:L/AC:L/Au:N/C:P/I:N/A:N

CVSS3: 5.5
Attack Vector: LOCAL
Attack Complexity: LOW
Privileges Required: LOW
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: NONE
Availability Impact: NONE
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

EPSS: 0
Percentile: 12.6%

Hills ComNav version 3002-19 suffers from a weak communication channel. Traffic across the local network for the configuration pages can be viewed by a malicious actor. The size of certain communications packets is predictable. This would allow an attacker to learn the state of the system if they can observe the traffic. This would be possible even if the traffic were encrypted, e.g., using WPA2, as the packet sizes would remain observable. The communication encryption scheme is theoretically sound, but is not strong enough for the level of protection required.

Affected configurations

Nvd
Node
carrier | hills_comnav_firmware | Range | 3002-19
AND
carrier | hills_comnav | Match | -

Vendor | Product | Version | CPE
carrier | hills_comnav_firmware | * | cpe:2.3:o:carrier:hills_comnav_firmware:*:*:*:*:*:*:*:*
carrier | hills_comnav | - | cpe:2.3:h:carrier:hills_comnav:-:*:*:*:*:*:*:*
