5.5
CVE-2022-38125
- EPSS 0.16%
- Veröffentlicht 19.04.2023 12:15:07
- Zuletzt bearbeitet 05.02.2025 15:15:15
- Quelle VulnerabilityReporting@secomea
- CVE-Watchlists
- Unerledigt
LoginFTP Agent forwards traffic on inactive ports to LinkManager
Improper Restriction of Communication Channel to Intended Endpoints vulnerability in Secomea SiteManager (FTP Agent modules) allows Exploiting Trust in Client.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Secomea ≫ Sitemanager 3549 Firmware Version < 10.0.622465022
Secomea ≫ Sitemanager 3539 Firmware Version < 10.0.622465022
Secomea ≫ Sitemanager 3529 Firmware Version < 10.0.622465022
Secomea ≫ Sitemanager 3349 Firmware Version < 10.0.622465022
Secomea ≫ Sitemanager 3339 Firmware Version < 10.0.622465022
Secomea ≫ Sitemanager 3329 Firmware Version < 10.0.622465022
Secomea ≫ Sitemanager 1549 Firmware Version < 10.0.622465022
Secomea ≫ Sitemanager 1539 Firmware Version < 10.0.622465022
Secomea ≫ Sitemanager 1529 Firmware Version < 10.0.622465022
Secomea ≫ Sitemanager 1149 Firmware Version < 10.0.622465022
Secomea ≫ Sitemanager 1139 Firmware Version < 10.0.622465022
Secomea ≫ Sitemanager 1129 Firmware Version < 10.0.622465022
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.16% | 0.052 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 5.5 | 1.8 | 3.6 |
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
|
| 134c704f-9b21-4f2e-91b3-4a467353bcc0 | 5.5 | 1.8 | 3.6 |
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
|
| VulnerabilityReporting@secomea.com | 2.9 | 1.2 | 1.4 |
CVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N
|
CWE-923 Improper Restriction of Communication Channel to Intended Endpoints
The product establishes a communication channel to (or from) an endpoint for privileged or protected operations, but it does not properly ensure that it is communicating with the correct endpoint.
https://www.secomea.com/support/cybersecurity-advisory/