8
CVE-2022-4098
- EPSS 0.04%
- Veröffentlicht 13.12.2022 08:15:10
- Zuletzt bearbeitet 21.11.2024 07:34:34
- Quelle info@cert.vde.com
- CVE-Watchlists
- Unerledigt
LoginMultiple Wiesemann&Theis products of the ComServer Series are prone to an authentication bypass through IP spoofing. After a user logged in to the WBM of the Com-Server an unauthenticated attacker in the same subnet can obtain the session ID and through IP spoofing change arbitrary settings by crafting modified HTTP Get requests. This may result in a complete takeover of the device.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Wut ≫ Com-server ++ Firmware Version < 1.55
Wut ≫ Com-server 20ma Firmware Version < 1.55
Wut ≫ Com-server Highspeed 100basefx Firmware Version < 1.78
Wut ≫ Com-server Highspeed 100baselx Firmware Version < 1.78
Wut ≫ Com-server Highspeed 19" 1port Firmware Version < 1.78
Wut ≫ Com-server Highspeed 19" 4port Firmware Version < 1.78
Wut ≫ Com-server Highspeed Compact Firmware Version < 1.78
Wut ≫ Com-server Highspeed Industry Firmware Version < 1.78
Wut ≫ Com-server Highspeed Isolated Firmware Version < 1.78
Wut ≫ Com-server Highspeed Oem Firmware Version < 1.78
Wut ≫ Com-server Highspeed Office 1port Firmware Version < 1.78
Wut ≫ Com-server Highspeed Office 4port Firmware Version < 1.78
Wut ≫ Com-server Highspeed Poe Firmware Version < 1.78
Wut ≫ Com-server Highspeed Lc Firmware Version < 1.55
Wut ≫ Com-server Highspeed Poe 3x Isolated Firmware Version < 1.55
Wut ≫ Com-server Highspeed Ul Firmware Version < 1.55
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.04% | 0.101 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| info@cert.vde.com | 8 | 2.1 | 5.9 |
CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
|
| nvd@nist.gov | 8 | 2.1 | 5.9 |
CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
|
CWE-290 Authentication Bypass by Spoofing
This attack-focused weakness is caused by incorrectly implemented authentication schemes that are subject to spoofing attacks.