CVE-2022-38168

Exploit

EPSS 0.13%
Veröffentlicht 03.11.2022 21:15:09
Zuletzt bearbeitet 02.05.2025 21:15:18
Quelle cve@mitre.org
Teams Watchlist Login
Unerledigt Login

Broken Access Control in User Authentication in Avaya Scopia Pathfinder 10 and 20 PTS version 8.3.7.0.4 allows remote unauthenticated attackers to bypass the login page, access sensitive information, and reset user passwords via URL modification.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 4

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Avaya ≫ Scopia Pathfinder 10 Pts Firmware Version8.3.7.0.4

Avaya ≫ Scopia Pathfinder 10 Pts Version-

Avaya ≫ Scopia Pathfinder 20 Pts Firmware Version8.3.7.0.4

Avaya ≫ Scopia Pathfinder 20 Pts Version-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.13%	0.327

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	9.1	3.9	5.2	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
134c704f-9b21-4f2e-91b3-4a467353bcc0	9.1	3.9	5.2	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

CWE-306 Missing Authentication for Critical Function

The product does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources.

https://medium.com/%40rob_nes/avaya-scopia-pathfinder-broken-access-control-ac792e995bae

Third Party Advisory

Exploit

https://nvd.nist.gov/vuln/detail/CVE-2022-38168

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2022-38168

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2022-38168

EUVD