Lucene search

[email protected]NVD:CVE-2022-45477

HistoryDec 05, 2022 - 4:15 p.m.

CVE-2022-45477

2022-12-0516:15:10

CWE-306

[email protected]

web.nvd.nist.gov

telepad

remote code execution

vulnerability

server

authentication

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS

0.004

Percentile

73.6%

JSON

Telepad allows remote unauthenticated users to send instructions to the server to execute arbitrary code without any previous authorization or authentication. CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Affected configurations

Nvd

Node

telepad-apptelepadRange≤1.0.7

VendorProductVersionCPE
telepad-apptelepad*cpe:2.3:a:telepad-app:telepad:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
telepad-app	telepad	*	cpe:2.3:a:telepad-app:telepad::::::::

References

www.synopsys.com/blogs/software-security/cyrc-advisory-remote-code-execution-vulnerabilities-mouse-keyboard-apps/

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS

0.004

Percentile

73.6%

JSON

Related for NVD:CVE-2022-45477

prion1 cvelist1 cve1 thn1 githubexploit1 malwarebytes1