History: Dec 12, 2022 - 12:15 p.m.

CVE-2022-3485

2022-12-12 12:15:10
CWE-640
CERTVDE
web.nvd.nist.gov
39
Tags: cve-2022-3485, ifm moneo appliance, vulnerability, unauthenticated access, administrator password reset

CVSS3: 9.8

Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score: 9.6
Confidence: High

EPSS: 0.004
Percentile: 72.7%

In IFM Moneo Appliance with version up to 1.9.3 an unauthenticated remote attacker can reset the administrator password by only supplying the serial number and thus gain full control of the device.

Affected configurations

Nvd

Node
ifm | moneo_qha210_firmware | Range | 1.9.3
AND
ifm | moneo_qha210 | Match | -

Node
ifm | moneo_qha200_firmware | Range | 1.9.3
AND
ifm | moneo_qha200 | Match | -

Vendor | Product | Version | CPE
ifm | moneo_qha210_firmware | * | cpe:2.3:o:ifm:moneo_qha210_firmware:*:*:*:*:*:*:*:*
ifm | moneo_qha210 | - | cpe:2.3:h:ifm:moneo_qha210:-:*:*:*:*:*:*:*
ifm | moneo_qha200_firmware | * | cpe:2.3:o:ifm:moneo_qha200_firmware:*:*:*:*:*:*:*:*
ifm | moneo_qha200 | - | cpe:2.3:h:ifm:moneo_qha200:-:*:*:*:*:*:*:*

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "moneo appliance",
    "vendor": "ifm",
    "versions": [
      {
        "lessThanOrEqual": "1.9.3",
        "status": "affected",
        "version": "0",
        "versionType": "semver"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "moneo appliance",
    "vendor": "ifm",
    "versions": [
      {
        "lessThanOrEqual": "1.9.3",
        "status": "affected",
        "version": "0",
        "versionType": "semver"
      }
    ]
  }
]
