Lucene search

[email protected]CVE-2022-29859

HistoryApr 27, 2022 - 11:15 p.m.

CVE-2022-29859

2022-04-2723:15:08

[email protected]

web.nvd.nist.gov

cve-2022-29859

ambiot

amb1_sdk

ameba1

dhcp

data structures

security vulnerability

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9.4 High

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

59.6%

JSON

component/common/network/dhcp/dhcps.c in ambiot amb1_sdk (aka SDK for Ameba1) before 2022-03-11 mishandles data structures for DHCP packet data.

Affected configurations

NVD

Node

amb1_sdk_projectamb1_sdkRange<2022-03-11

CPENameOperatorVersion
amb1_sdk_project:amb1_sdkamb1 sdk project amb1 sdklt2022-03-11

CPE	Name	Operator	Version
amb1_sdk_project:amb1_sdk	amb1 sdk project amb1 sdk	lt	2022-03-11

References

github.com/ambiot/amb1_sdk/commit/4b73f58f32914d0081d79a79e53a3215c8c1ea56

www.amebaiot.com/zh/security_bulletin/cve-2022-29859/

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9.4 High

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

59.6%

JSON

Related for CVE-2022-29859

osv1 cvelist1 nvd1 prion1