Lucene search

[email protected]NVD:CVE-2022-33106

HistoryOct 12, 2022 - 2:15 p.m.

CVE-2022-33106

2022-10-1214:15:09

CWE-307

[email protected]

web.nvd.nist.gov

wijungle ngfw

no rate limit attack

admin password

account take over

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS

0.003

Percentile

65.8%

JSON

WiJungle NGFW Version U250 was discovered to be vulnerable to No Rate Limit attack, allowing the attacker to brute force the admin password leading to Account Take Over.

Affected configurations

Nvd

Node

wijungleu250_firmwareMatch-

AND

wijungleu250Match-

VendorProductVersionCPE
wijungleu250_firmware-cpe:2.3:o:wijungle:u250_firmware:-:*:*:*:*:*:*:*
wijungleu250-cpe:2.3:h:wijungle:u250:-:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
wijungle	u250_firmware	-	cpe:2.3:o:wijungle:u250_firmware:-:::::::*
wijungle	u250	-	cpe:2.3:h:wijungle:u250:-:::::::*

References

wijungle.com

hexisanoob.gitbook.io/hexisanoob/cves/cve-2022-33106

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS

0.003

Percentile

65.8%

JSON

Related for NVD:CVE-2022-33106

cvelist1 prion1 cve1