CVE-2022-26519

EPSS 0.19%
Veröffentlicht 20.04.2022 16:15:08
Zuletzt bearbeitet 21.11.2024 06:54:06
Quelle ics-cert@hq.dhs.gov
CVE-Watchlists
Login
Unerledigt
Login

Interlogix Hills ComNav Improper Restriction of Excessive Authentication Attempts

There is no limit to the number of attempts to authenticate for the local configuration pages for the Hills ComNav Version 3002-19 interface, which allows local attackers to brute-force credentials.

Betroffene Produkte Warnungen 0 Metriken 4 CWE 1 Referenzen 4

NVD 1 VulnDex Vulnerability Enrichment 0

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Carrier ≫ Hills Comnav Firmware Version <= 3002-19

Carrier ≫ Hills Comnav Version-

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.19%	0.088

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	5.5	1.8	3.6	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
nvd@nist.gov	2.1	3.9	2.9	AV:L/AC:L/Au:N/C:P/I:N/A:N
ics-cert@hq.dhs.gov	5.5	1.8	3.6	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

CWE-307 Improper Restriction of Excessive Authentication Attempts

The product does not implement sufficient measures to prevent multiple failed authentication attempts within a short time frame.

https://www.corporate.carrier.com/Images/CARR-PSA-Hills-ComNav-002-1121_tcm558-149392.pdf

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2022-26519

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2022-26519

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2022-26519

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2022-26519