NVD:CVE-2022-37062
History: Aug 18, 2022 - 6:15 p.m.

CVE-2022-37062

2022-08-18 18:15:08
CWE-306
web.nvd.nist.gov
5
flir
thermal sensor
unauthorized access
sqlite
passwords

CVSS3: 7.5

Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: NONE
Availability Impact: NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

EPSS: 0.005
Percentile: 76.9%

All FLIR AX8 thermal sensor cameras, versions up to and including 1.46.16, are affected by an insecure design vulnerability due to an improper directory access restriction. An unauthenticated, remote attacker can exploit this by sending a URI that contains the path of the SQLite users database and downloading it. A successful exploit could allow the attacker to extract usernames and hashed passwords.

Affected configurations

Nvd
Node
flir  flir_ax8  Match  -
AND
flir  flir_ax8_firmware  Range  1.46.16

Vendor  Product            Version  CPE
flir    flir_ax8           -        cpe:2.3:h:flir:flir_ax8:-:*:*:*:*:*:*:*
flir    flir_ax8_firmware  *        cpe:2.3:o:flir:flir_ax8_firmware:*:*:*:*:*:*:*:*
