Lucene search
MitreCVE-2022-26479HistoryJul 17, 2022 - 11:15 p.m.
CVE-2022-26479
2022-07-1723:15:08
CWE-863
mitre
web.nvd.nist.gov
747
11
poly eagleeye director ii
cve-2022-26479
security issue
admin authentication
CVSS3
9.8
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
AI Score
9.4
Confidence
High
EPSS
0.003
Percentile
68.3%
An issue was discovered in Poly EagleEye Director II before 2.2.2.1. Existence of a certain file (which can be created via an rsync backdoor) causes all API calls to execute as admin without authentication.
Affected configurations
Node
polyeagleeye_director_ii_firmwareRange<2.2.2.1
polyeagleeye_director_iiMatch-
| Vendor | Product | Version | CPE |
|---|---|---|---|
| poly | eagleeye_director_ii_firmware | * | cpe:2.3:o:poly:eagleeye_director_ii_firmware:*:*:*:*:*:*:*:* |
| poly | eagleeye_director_ii | - | cpe:2.3:h:poly:eagleeye_director_ii:-:*:*:*:*:*:*:* |
References
Social References
More
Related
cvelist
cvelist
CVE-2022-26479
2022-07-17 22:01:38
nvd
nvd
CVE-2022-26479
2022-07-17 23:15:08
prion
prion
Authentication flaw
2022-07-17 23:15:00
zdt
zdt
packetstorm
packetstorm
Poly EagleEye Director II 2.2.1.1 Command Injection / Authentication Bypass
2022-06-06 00:00:00
CVSS3
9.8
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
AI Score
9.4
Confidence
High
EPSS
0.003
Percentile
68.3%
Related for CVE-2022-26479