Lucene search

[email protected]CVE-2022-43438

HistoryJan 03, 2023 - 3:15 a.m.

CVE-2022-43438

2023-01-0303:15:10

CWE-863

[email protected]

web.nvd.nist.gov

easytest

cve-2022-43438

incorrect authorization

vulnerability

nvd

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

8.5 High

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

54.1%

JSON

The Administrator function of EasyTest has an Incorrect Authorization vulnerability. A remote attacker authenticated as a general user can exploit this vulnerability to bypass the intended access restrictions, to make API functions calls, manipulate system and terminate service.

Affected configurations

NVD

Node

easy_test_projecteasy_testRange17l18s–22i26

CPENameOperatorVersion
easy_test_project:easy_testeasy test project easy testlt22i26

CPE	Name	Operator	Version
easy_test_project:easy_test	easy test project easy test	lt	22i26

CNA Affected

[
  {
    "vendor": "HWA JIUH DIGITAL TECHNOLOGY LTD.",
    "product": "EasyTest",
    "versions": [
      {
        "version": "17L18S",
        "status": "affected",
        "lessThanOrEqual": "22H29",
        "versionType": "custom"
      }
    ]
  }
]

References

www.twcert.org.tw/tw/cp-132-6830-28746-1.html

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

8.5 High

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

54.1%

JSON

Related for CVE-2022-43438

nvd1 prion1 cvelist1