CVE-2022-42982

EPSS 0.42%
Veröffentlicht 17.11.2022 05:15:15
Zuletzt bearbeitet 30.04.2025 14:15:25
Quelle cve@mitre.org
CVE-Watchlists
Login
Unerledigt
Login

BKG Professional NtripCaster 2.0.39 allows querying information over the UDP protocol without authentication. The NTRIP sourcetable is typically quite long (tens of kBs) and can be requested with a packet of only 30 bytes. This presents a vector that can be used for UDP amplification attacks. Normally, only authenticated streaming data will be provided over UDP and not the sourcetable.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 5

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Bund ≫ Bkg Professional Ntripcaster Version <= 2.0.39

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.42%	0.594

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	7.5	3.9	3.6	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
134c704f-9b21-4f2e-91b3-4a467353bcc0	7.5	3.9	3.6	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-306 Missing Authentication for Critical Function

The product does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources.

https://cve.mahi.be/bkg_ntrip_udp/

Third Party Advisory

https://igs.bkg.bund.de/ntrip/bkgcaster

Vendor Advisory

Product

https://nvd.nist.gov/vuln/detail/CVE-2022-42982

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2022-42982

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2022-42982

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2022-42982