Lucene search

[email protected]CVE-2022-38125

HistoryApr 19, 2023 - 12:15 p.m.

CVE-2022-38125

2023-04-1912:15:07

CWE-923

[email protected]

web.nvd.nist.gov

cve-2022-38125

improper restriction

communication channel

security vulnerability

secomea sitemanager

ftp agent

trust exploitation

5.5 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

5.5 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

9.1%

JSON

Improper Restriction of Communication Channel to Intended Endpoints vulnerability in Secomea SiteManager (FTP Agent modules) allows Exploiting Trust in Client.

Affected configurations

NVD

Node

secomeasitemanager_3549_firmwareRange<10.0.622465022

AND

secomeasitemanager_3549Match-

Node

secomeasitemanager_3539_firmwareRange<10.0.622465022

AND

secomeasitemanager_3539Match-

Node

secomeasitemanager_3529_firmwareRange<10.0.622465022

AND

secomeasitemanager_3529Match-

Node

secomeasitemanager_3349_firmwareRange<10.0.622465022

AND

secomeasitemanager_3349Match-

Node

secomeasitemanager_3339_firmwareRange<10.0.622465022

AND

secomeasitemanager_3339Match-

Node

secomeasitemanager_3329_firmwareRange<10.0.622465022

AND

secomeasitemanager_3329Match-

Node

secomeasitemanager_1549_firmwareRange<10.0.622465022

AND

secomeasitemanager_1549Match-

Node

secomeasitemanager_1539_firmwareRange<10.0.622465022

AND

secomeasitemanager_1539Match-

Node

secomeasitemanager_1529_firmwareRange<10.0.622465022

AND

secomeasitemanager_1529Match-

Node

secomeasitemanager_1149_firmwareRange<10.0.622465022

AND

secomeasitemanager_1149Match-

Node

secomeasitemanager_1139_firmwareRange<10.0.622465022

AND

secomeasitemanager_1139Match-

Node

secomeasitemanager_1129_firmwareRange<10.0.622465022

AND

secomeasitemanager_1129Match-

CPENameOperatorVersion
secomea:sitemanager_3549_firmwaresecomea sitemanager 3549 firmwarelt10.0.622465022

CPE	Name	Operator	Version
secomea:sitemanager_3549_firmware	secomea sitemanager 3549 firmware	lt	10.0.622465022

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "modules": [
      "FTP Agent"
    ],
    "product": "SiteManager",
    "vendor": "Secomea",
    "versions": [
      {
        "lessThanOrEqual": "10.0",
        "status": "affected",
        "version": "5.0",
        "versionType": "custom"
      }
    ]
  }
]

References

www.secomea.com/support/cybersecurity-advisory/

5.5 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

5.5 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

9.1%

JSON

Related for CVE-2022-38125

cvelist1 nvd1 prion1