8.7

CVE-2022-50695

Exploit
SOUND4 IMPACT/FIRST/PULSE/Eco versions 2.x contains a network vulnerability that allows unauthenticated attackers to send ICMP signals to arbitrary hosts through network command scripts. Attackers can abuse ping.php, traceroute.php, and dns.php to generate network flooding attacks targeting external hosts.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Sound4Impact Firmware Version2.15
   Sound4Impact Version2.0
Sound4Impact Firmware Version1.69
   Sound4Impact Version1.0
Sound4Pulse Firmware Version2.15
   Sound4Pulse Version2.0
Sound4Pulse Firmware Version1.69
   Sound4Pulse Version1.0
Sound4First Firmware Version2.15
   Sound4First Version2.0
Sound4First Firmware Version1.69
   Sound4First Version1.0
Sound4Impact Eco Firmware Version1.16
   Sound4Impact Eco Version-
Sound4Pulse Eco Firmware Version1.16
   Sound4Pulse Eco Version-
Sound4Big Voice4 Firmware Version1.2
   Sound4Big Voice4 Version-
Sound4Big Voice2 Firmware Version1.30
   Sound4Big Voice2 Version-
Sound4Wm2 Firmware Version1.11
   Sound4Wm2 Version-
Sound4Stream Extension Version2.4.29
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.81% 0.737
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
disclosure@vulncheck.com 7.5 3.9 3.6
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
disclosure@vulncheck.com 8.7 0 0
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
nvd@nist.gov 7.5 3.9 3.6
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CWE-770 Allocation of Resources Without Limits or Throttling

The product allocates a reusable resource or group of resources on behalf of an actor without imposing any restrictions on the size or number of resources that can be allocated, in violation of the intended security policy for that actor.