Lucene search

[email protected]CVE-2022-39061

HistoryJan 31, 2023 - 8:15 a.m.

CVE-2022-39061

2023-01-3108:15:08

CWE-125

[email protected]

web.nvd.nist.gov

cve-2022-39061

changingtech

megaservisignadapter

vulnerability

out-of-bounds read

insufficient validation

parameter length

unauthenticated remote attacker

memory access

disrupt services

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L

6.3 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

48.0%

JSON

ChangingTech MegaServiSignAdapter component has a vulnerability of Out-of-bounds Read due to insufficient validation for parameter length. An unauthenticated remote attacker can exploit this vulnerability to access partial sensitive content in memory and disrupts partial services.

Affected configurations

NVD

Node

changingtecmegaservisignadapterRange<1.0.22.1004windows

CPENameOperatorVersion
changingtec:megaservisignadapterchangingtec megaservisignadapterlt1.0.22.1004

CPE	Name	Operator	Version
changingtec:megaservisignadapter	changingtec megaservisignadapter	lt	1.0.22.1004

CNA Affected

[
  {
    "vendor": "ChangingTec",
    "product": "MegaServiSignAdapter",
    "versions": [
      {
        "version": "1.0.17.0823",
        "status": "affected"
      }
    ],
    "platforms": [
      "Windows"
    ]
  }
]

References

www.twcert.org.tw/tw/cp-132-6888-b5f81-1.html

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L

6.3 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

48.0%

JSON

Related for CVE-2022-39061

prion1 cvelist1 nvd1