CVE-2022-43400

2022-10-2114:15:09

CWE-1390

CWE-287

[email protected]

web.nvd.nist.gov

vulnerability

siveillance video mobile server

remote access

cve-2022-43400

nvd

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9.1 High

AI Score

Confidence

High

0.003 Low

EPSS

Percentile

71.8%

JSON

A vulnerability has been identified in Siveillance Video Mobile Server V2022 R2 (All versions < V22.2a (80)). The mobile server component of affected applications improperly handles the log in for Active Directory accounts that are part of Administrators group. This could allow an unauthenticated remote attacker to access the application without a valid account.

Affected configurations

NVD

Node

siemenssiveillance_video_mobile_serverRange<22.2a\(80\)

CPENameOperatorVersion
siemens:siveillance_video_mobile_serversiemens siveillance video mobile serverlt22.2a\(80\)

CPE	Name	Operator	Version
siemens:siveillance_video_mobile_server	siemens siveillance video mobile server	lt	22.2a\(80\)

CNA Affected

[
  {
    "vendor": "Siemens",
    "product": "Siveillance Video Mobile Server V2022 R2",
    "versions": [
      {
        "version": "All versions < V22.2a (80)",
        "status": "affected"
      }
    ]
  }
]