CVE-2022-27179

EPSS 0.16%
Veröffentlicht 20.04.2022 16:15:08
Zuletzt bearbeitet 21.11.2024 06:55:21
Quelle ics-cert@hq.dhs.gov
Teams Watchlist Login
Unerledigt Login

A malicious actor having access to the exported configuration file may obtain the stored credentials and thereby gain access to the protected resource. If the same passwords were used for other resources, further such assets may be compromised.

Betroffene Produkte Warnungen 0 Metriken 4 CWE 1 Referenzen 4

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Redlion ≫ Da50n Firmware Version-

Redlion ≫ Da50n Version-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.16%	0.381

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	6.5	2.8	3.6	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
nvd@nist.gov	4	8	2.9	AV:N/AC:L/Au:S/C:P/I:N/A:N
ics-cert@hq.dhs.gov	4.6	2.1	2.5	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:L

CWE-522 Insufficiently Protected Credentials

The product transmits or stores authentication credentials, but it uses an insecure method that is susceptible to unauthorized interception and/or retrieval.

https://www.cisa.gov/uscert/ics/advisories/icsa-22-104-03

Third Party Advisory

US Government Resource

Mitigation

https://nvd.nist.gov/vuln/detail/CVE-2022-27179

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2022-27179

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2022-27179

EUVD