Lucene search

[email protected]CVE-2022-26872

HistoryJan 30, 2023 - 4:15 p.m.

CVE-2022-26872

2023-01-3016:15:00

CWE-640

[email protected]

web.nvd.nist.gov

cve

2022

26872

ami

megarac

password

reset

interception

api

nvd

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

9.4 High

AI Score

Confidence

High

6.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.002 Low

EPSS

Percentile

55.9%

JSON

AMI Megarac Password reset interception via API

CPENameOperatorVersion
ami:megarac_sp-xami megarac sp-xeq12
ami:megarac_sp-xami megarac sp-xeq13

CPE	Name	Operator	Version
ami:megarac_sp-x	ami megarac sp-x	eq	12
ami:megarac_sp-x	ami megarac sp-x	eq	13

References

9443417.fs1.hubspotusercontent-na1.net/hubfs/9443417/Security%20Advisories/AMI-SA-2023001.pdf

security.netapp.com/advisory/ntap-20230731-0008/

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

9.4 High

AI Score

Confidence

High

6.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.002 Low

EPSS

Percentile

55.9%

JSON

Related for CVE-2022-26872

prion1 cvelist1 cert1 thn2 nvidia1