Lucene search

[email protected]CVE-2022-38628

HistoryDec 13, 2022 - 9:15 p.m.

CVE-2022-38628

2022-12-1321:15:11

CWE-384

[email protected]

web.nvd.nist.gov

nortek

linear

e3-series

0.32-08f

cve-2022-38628

xss

vulnerability

local session fixation

privilege escalation

6.1 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

0.001 Low

EPSS

Percentile

32.3%

JSON

Nortek Linear eMerge E3-Series 0.32-08f, 0.32-07p, 0.32-07e, 0.32-09c, 0.32-09b, 0.32-09a, and 0.32-08e were discovered to contain a cross-site scripting (XSS) vulnerability which is chained with a local session fixation. This vulnerability allows attackers to escalate privileges via unspecified vectors.

Affected configurations

NVD

Node

niceforyoulinear_emerge_e3_access_controlMatch-

AND

niceforyoulinear_emerge_e3_access_control_firmwareMatch0.32-07e

niceforyoulinear_emerge_e3_access_control_firmwareMatch0.32-07p

niceforyoulinear_emerge_e3_access_control_firmwareMatch0.32-08e

niceforyoulinear_emerge_e3_access_control_firmwareMatch0.32-08f

niceforyoulinear_emerge_e3_access_control_firmwareMatch0.32-09a

niceforyoulinear_emerge_e3_access_control_firmwareMatch0.32-09b

niceforyoulinear_emerge_e3_access_control_firmwareMatch0.32-09c

CPENameOperatorVersion
niceforyou:linear_emerge_e3_access_control_firmwareniceforyou linear emerge e3 access control firmwareeq0.32-07e
niceforyou:linear_emerge_e3_access_control_firmwareniceforyou linear emerge e3 access control firmwareeq0.32-07p
niceforyou:linear_emerge_e3_access_control_firmwareniceforyou linear emerge e3 access control firmwareeq0.32-08e
niceforyou:linear_emerge_e3_access_control_firmwareniceforyou linear emerge e3 access control firmwareeq0.32-08f
niceforyou:linear_emerge_e3_access_control_firmwareniceforyou linear emerge e3 access control firmwareeq0.32-09a
niceforyou:linear_emerge_e3_access_control_firmwareniceforyou linear emerge e3 access control firmwareeq0.32-09b
niceforyou:linear_emerge_e3_access_control_firmwareniceforyou linear emerge e3 access control firmwareeq0.32-09c

CPE	Name	Operator	Version
niceforyou:linear_emerge_e3_access_control_firmware	niceforyou linear emerge e3 access control firmware	eq	0.32-07e
niceforyou:linear_emerge_e3_access_control_firmware	niceforyou linear emerge e3 access control firmware	eq	0.32-07p
niceforyou:linear_emerge_e3_access_control_firmware	niceforyou linear emerge e3 access control firmware	eq	0.32-08e
niceforyou:linear_emerge_e3_access_control_firmware	niceforyou linear emerge e3 access control firmware	eq	0.32-08f
niceforyou:linear_emerge_e3_access_control_firmware	niceforyou linear emerge e3 access control firmware	eq	0.32-09a
niceforyou:linear_emerge_e3_access_control_firmware	niceforyou linear emerge e3 access control firmware	eq	0.32-09b
niceforyou:linear_emerge_e3_access_control_firmware	niceforyou linear emerge e3 access control firmware	eq	0.32-09c

References

github.com/omarhashem123/Security-Research/blob/main/CVE-2022-38628/CVE-2022-38628.txt

6.1 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

0.001 Low

EPSS

Percentile

32.3%

JSON

Related for CVE-2022-38628

prion1 nvd1 cvelist1