CVE-2022-50695

Exploit

EPSS 0.74%
Veröffentlicht 30.12.2025 22:41:34
Zuletzt bearbeitet 16.01.2026 19:16:10
Quelle disclosure@vulncheck.com
CVE-Watchlists
Login
Unerledigt
Login

SOUND4 IMPACT/FIRST/PULSE/Eco <=2.x ICMP Flood Attack via Network Commands

SOUND4 IMPACT/FIRST/PULSE/Eco versions 2.x contains a network vulnerability that allows unauthenticated attackers to send ICMP signals to arbitrary hosts through network command scripts. Attackers can abuse ping.php, traceroute.php, and dns.php to generate network flooding attacks targeting external hosts.

Betroffene Produkte Warnungen 0 Metriken 4 CWE 1 Referenzen 8

NVD 12 VulnDex Vulnerability Enrichment 0

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Sound4 ≫ Impact Firmware Version2.15

Sound4 ≫ Impact Version2.0

Sound4 ≫ Impact Firmware Version1.69

Sound4 ≫ Impact Version1.0

Sound4 ≫ Pulse Firmware Version2.15

Sound4 ≫ Pulse Version2.0

Sound4 ≫ Pulse Firmware Version1.69

Sound4 ≫ Pulse Version1.0

Sound4 ≫ First Firmware Version2.15

Sound4 ≫ First Version2.0

Sound4 ≫ First Firmware Version1.69

Sound4 ≫ First Version1.0

Sound4 ≫ Impact Eco Firmware Version1.16

Sound4 ≫ Impact Eco Version-

Sound4 ≫ Pulse Eco Firmware Version1.16

Sound4 ≫ Pulse Eco Version-

Sound4 ≫ Big Voice4 Firmware Version1.2

Sound4 ≫ Big Voice4 Version-

Sound4 ≫ Big Voice2 Firmware Version1.30

Sound4 ≫ Big Voice2 Version-

Sound4 ≫ Wm2 Firmware Version1.11

Sound4 ≫ Wm2 Version-

Sound4 ≫ Stream Extension Version2.4.29

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.74%	0.497

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
disclosure@vulncheck.com	7.5	3.9	3.6	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
disclosure@vulncheck.com	8.7	0	0	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
nvd@nist.gov	7.5	3.9	3.6	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-770 Allocation of Resources Without Limits or Throttling

The product allocates a reusable resource or group of resources on behalf of an actor without imposing any restrictions on the size or number of resources that can be allocated, in violation of the intended security policy for that actor.

https://www.sound4.com/

Product

https://www.zeroscience.mk/en/vulnerabilities/ZSL-2022-5728.php

Third Party Advisory

Exploit

https://packetstormsecurity.com/files/170255/SOUND4-IMPACT-FIRST-PULSE-Eco-2.x-ICMP-Flood-Attack.html

Third Party Advisory

Exploit

VDB Entry

https://exchange.xforce.ibmcloud.com/vulnerabilities/247948

Third Party Advisory

https://www.vulncheck.com/advisories/sound-impactfirstpulseeco-x-icmp-flood-attack-via-network-commands

Third Party Advisory

https://nvd.nist.gov/vuln/detail/CVE-2022-50695

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2022-50695

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2022-50695

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2022-50695