CVE-2022-44565

EPSS 0.19%
Veröffentlicht 23.12.2022 15:15:15
Zuletzt bearbeitet 15.04.2025 15:16:00
Quelle support@hackerone.com
CVE-Watchlists
Login
Unerledigt
Login

An improper access validation vulnerability exists in airMAX AC <8.7.11, airFiber 60/LR <2.6.2, airFiber 60 XG/HD <v1.0.0 and airFiber GBE <1.4.1 that allows a malicious actor to retrieve status and usage data from the UISP device.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 4

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Ui ≫ Airfiber Gigabeam Firmware Version < 1.4.1

Ui ≫ Airfiber Gigabeam Version-

Ui ≫ Airfiber 60-xg Firmware Version < 1.0.0

Ui ≫ Airfiber 60-xg Version-

Ui ≫ Airfiber 60-hd Firmware Version < 1.0.0

Ui ≫ Airfiber 60-hd Version-

Ui ≫ Airfiber 60-lr Firmware Version < 2.6.2

Ui ≫ Airfiber 60-lr Version-

Ui ≫ Airmax Ac Firmware Version < 8.7.11

Ui ≫ Airmax Ac Version-

Ui ≫ Airfiber 60 Firmware Version < 2.6.2

Ui ≫ Airfiber 60 Version-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.19%	0.405

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	5.3	3.9	1.4	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
134c704f-9b21-4f2e-91b3-4a467353bcc0	5.3	3.9	1.4	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

CWE-284 Improper Access Control

The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.

https://community.ui.com/releases/Security-Advisory-Bulletin-027-027/123e4577-9f00-4777-abe1-64a1d56fee05

Patch

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2022-44565

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2022-44565

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2022-44565

EUVD