History: Sep 28, 2022 - 4:15 a.m.

CVE-2022-39034

2022-09-28 04:15:14
CWE-22
twcert
web.nvd.nist.gov
cve-2022-39034
smart evision
path traversal
report api
vulnerability
authentication bypass
remote attacker

CVSS3: 6.5

Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: LOW
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: NONE
Availability Impact: NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

AI Score: 6.5
Confidence: High

EPSS: 0.001
Percentile: 50.2%

Smart eVision has a path traversal vulnerability in the Report API function due to insufficient filtering for special characters in URLs. A remote attacker with general user privilege can exploit this vulnerability to bypass authentication, access restricted paths and download system files.

Affected configurations

Nvd

Node: lcnet smart_evision, Match 2022.03.21

Vendor: lcnet
Product: smart_evision
Version: 2022.03.21
CPE: cpe:2.3:a:lcnet:smart_evision:2022.03.21:*:*:*:*:*:*:*

CNA Affected

[
  {
    "product": "Smart eVision",
    "vendor": "Smart eVision Information Technology Inc.",
    "versions": [
      {
        "status": "affected",
        "version": "2022.02.21"
      }
    ]
  }
]
