Lucene search

[email protected]NVD:CVE-2022-37060

HistoryAug 18, 2022 - 5:15 p.m.

CVE-2022-37060

2022-08-1817:15:08

CWE-22

[email protected]

web.nvd.nist.gov

flir ax8

thermal sensor

directory traversal

improper access restriction

unauthenticated attacker

remote exploit

disclosure of contents

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

EPSS

0.511

Percentile

97.5%

JSON

FLIR AX8 thermal sensor cameras version up to and including 1.46.16 is vulnerable to Directory Traversal due to an improper access restriction. An unauthenticated, remote attacker can exploit this by sending a URI that contains directory traversal characters to disclose the contents of files located outside of the server’s restricted path.

Affected configurations

Nvd

Node

flirflir_ax8_firmwareRange≤1.46.16

AND

flirflir_ax8Match-

VendorProductVersionCPE
flirflir_ax8_firmware*cpe:2.3:o:flir:flir_ax8_firmware:*:*:*:*:*:*:*:*
flirflir_ax8-cpe:2.3:h:flir:flir_ax8:-:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
flir	flir_ax8_firmware	*	cpe:2.3:o:flir:flir_ax8_firmware::::::::
flir	flir_ax8	-	cpe:2.3:h:flir:flir_ax8:-:::::::*

References

packetstormsecurity.com/files/168116/FLIR-AX8-1.46.16-Traversal-Access-Control-Command-Injection-XSS.html

gist.github.com/Nwqda/9e16852ab7827dc62b8e44d6180a6899

www.flir.com/products/ax8-automation/

www.zeroscience.mk/en/vulnerabilities/ZSL-2018-5493.php

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

EPSS

0.511

Percentile

97.5%

JSON

Related for NVD:CVE-2022-37060

prion1 cve1 cvelist1 zeroscience1 attackerkb1 zdt1 packetstorm1