9.8
CVE-2022-36642
- EPSS 70.72%
- Veröffentlicht 02.09.2022 22:15:08
- Zuletzt bearbeitet 21.11.2024 07:13:27
- Quelle cve@mitre.org
- CVE-Watchlists
- Unerledigt
LoginA local file disclosure vulnerability in /appConfig/userDB.json of Telos Alliance Omnia MPX Node through 1.0.0-1.4.9 allows attackers to access users credentials which makes him able to gain initial access to the control panel with high privilege because the cleartext storage of sensitive information which can be unlatched by exploiting the LFD vulnerability.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Telosalliance ≫ Omnia Mpx Node Firmware Version >= 1.0.0 < 1.5.0
Telosalliance ≫ Omnia Mpx Node Firmware Version1.5.0 Update-
Telosalliance ≫ Omnia Mpx Node Firmware Version1.5.0 Updater1
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 70.72% | 0.987 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 9.8 | 3.9 | 5.9 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
|
CWE-862 Missing Authorization
The product does not perform an authorization check when an actor attempts to access a resource or perform an action.