CVE-2022-50692

Exploit

EPSS 0.5%
Veröffentlicht 30.12.2025 22:41:33
Zuletzt bearbeitet 20.01.2026 18:51:15
Quelle disclosure@vulncheck.com
CVE-Watchlists
Login
Unerledigt
Login

SOUND4 IMPACT/FIRST/PULSE/Eco <=2.x Insufficient Session Expiration Vulnerability

SOUND4 IMPACT/FIRST/PULSE/Eco versions 2.x and below contain an insufficient session expiration vulnerability that allows attackers to reuse old session credentials. Attackers can exploit weak session management to potentially hijack active user sessions and gain unauthorized access to the application.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 9

NVD 12 VulnDex Vulnerability Enrichment 0

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Sound4 ≫ Impact Firmware Version2.15

Sound4 ≫ Impact Version2.0

Sound4 ≫ Impact Firmware Version1.69

Sound4 ≫ Impact Version1.0

Sound4 ≫ Pulse Firmware Version2.15

Sound4 ≫ Pulse Version2.0

Sound4 ≫ Pulse Firmware Version1.69

Sound4 ≫ Pulse Version1.0

Sound4 ≫ First Firmware Version2.15

Sound4 ≫ First Version2.0

Sound4 ≫ First Firmware Version1.69

Sound4 ≫ First Version1.0

Sound4 ≫ Impact Eco Firmware Version1.16

Sound4 ≫ Impact Eco Version-

Sound4 ≫ Pulse Eco Firmware Version1.16

Sound4 ≫ Pulse Eco Version-

Sound4 ≫ Big Voice4 Firmware Version1.2

Sound4 ≫ Big Voice4 Version-

Sound4 ≫ Big Voice2 Firmware Version1.30

Sound4 ≫ Big Voice2 Version-

Sound4 ≫ Wm2 Firmware Version1.11

Sound4 ≫ Wm2 Version-

Sound4 ≫ Stream Extension Version2.4.29

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.5%	0.389

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
disclosure@vulncheck.com	7.5	3.9	3.6	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
disclosure@vulncheck.com	6.9	0	0	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

CWE-613 Insufficient Session Expiration

According to WASC, "Insufficient Session Expiration is when a web site permits an attacker to reuse old session credentials or session IDs for authorization."

https://www.zeroscience.mk/en/vulnerabilities/ZSL-2022-5724.php

Third Party Advisory

Exploit

https://packetstormsecurity.com/files/170251/SOUND4-IMPACT-FIRST-PULSE-Eco-2.x-Insufficient-Session-Expiration.html

Third Party Advisory

Exploit

https://cxsecurity.com/issue/WLB-2022120030

Third Party Advisory

Exploit

https://exchange.xforce.ibmcloud.com/vulnerabilities/247956

Third Party Advisory

https://www.sound4.com/

Product

https://www.vulncheck.com/advisories/sound-impactfirstpulseeco-x-insufficient-session-expiration-vulnerability

Third Party Advisory

https://nvd.nist.gov/vuln/detail/CVE-2022-50692

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2022-50692

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2022-50692

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2022-50692