6.5
CVE-2022-40266
- EPSS 0.82%
- Veröffentlicht 24.11.2022 09:15:09
- Zuletzt bearbeitet 21.11.2024 07:21:09
- Quelle Mitsubishielectric.Psirt@yd.Mi
- CVE-Watchlists
- Unerledigt
LoginDenial-of-Service (DoS) Vulnerability in FTP Server Function on GOT2000 Series
Improper Input Validation vulnerability in Mitsubishi Electric GOT2000 Series GT27 model FTP server versions 01.39.000 and prior, Mitsubishi Electric GOT2000 Series GT25 model FTP server versions 01.39.000 and prior and Mitsubishi Electric GOT2000 Series GT23 model FTP server versions 01.39.000 and prior allows a remote authenticated attacker to cause a Denial of Service condition by sending specially crafted command.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Mitsubishielectric ≫ Got2000 Gt27 Firmware Version <= 01.39.000
Mitsubishielectric ≫ Got2000 Gt25 Firmware Version <= 01.39.000
Mitsubishielectric ≫ Got2000 Gt23 Firmware Version <= 01.39.000
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.82% | 0.525 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 6.5 | 2.8 | 3.6 |
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
|
| Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp | 5.3 | 1.6 | 3.6 |
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
|
CWE-20 Improper Input Validation
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.
https://jvn.jp/vu/JVNVU95633416
https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2022-016_en.pdf