7.5
CVE-2022-50692
- EPSS 0.07%
- Veröffentlicht 30.12.2025 22:41:33
- Zuletzt bearbeitet 20.01.2026 18:51:15
- Quelle disclosure@vulncheck.com
- CVE-Watchlists
- Unerledigt
LoginSOUND4 IMPACT/FIRST/PULSE/Eco versions 2.x and below contain an insufficient session expiration vulnerability that allows attackers to reuse old session credentials. Attackers can exploit weak session management to potentially hijack active user sessions and gain unauthorized access to the application.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Sound4 ≫ Impact Firmware Version2.15
Sound4 ≫ Impact Firmware Version1.69
Sound4 ≫ Pulse Firmware Version2.15
Sound4 ≫ Pulse Firmware Version1.69
Sound4 ≫ First Firmware Version2.15
Sound4 ≫ First Firmware Version1.69
Sound4 ≫ Impact Eco Firmware Version1.16
Sound4 ≫ Pulse Eco Firmware Version1.16
Sound4 ≫ Big Voice4 Firmware Version1.2
Sound4 ≫ Big Voice2 Firmware Version1.30
Sound4 ≫ Wm2 Firmware Version1.11
Sound4 ≫ Stream Extension Version2.4.29
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.07% | 0.202 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| disclosure@vulncheck.com | 7.5 | 3.9 | 3.6 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
|
| disclosure@vulncheck.com | 6.9 | 0 | 0 |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
|
CWE-613 Insufficient Session Expiration
According to WASC, "Insufficient Session Expiration is when a web site permits an attacker to reuse old session credentials or session IDs for authorization."