Lucene search

IcscertCVELIST:CVE-2022-26519

HistoryApr 20, 2022 - 3:30 p.m.

CVE-2022-26519 Interlogix Hills ComNav Improper Restriction of Excessive Authentication Attempts

2022-04-2015:30:36

CWE-307

icscert

www.cve.org

cve-2022-26519

interlogix hills comnav

excessive authentication attempts

local configuration

brute-force

CVSS3

5.5

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

AI Score

5.7

Confidence

High

EPSS

Percentile

5.1%

JSON

There is no limit to the number of attempts to authenticate for the local configuration pages for the Hills ComNav Version 3002-19 interface, which allows local attackers to brute-force credentials.

CNA Affected

[
  {
    "product": "Hills ComNav",
    "vendor": "Interlogix",
    "versions": [
      {
        "lessThan": "3002-19",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      }
    ]
  }
]

References

www.corporate.carrier.com/Images/CARR-PSA-Hills-ComNav-002-1121_tcm558-149392.pdf

CVSS3

5.5

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

AI Score

5.7

Confidence

High

EPSS

Percentile

5.1%

JSON

Related for CVELIST:CVE-2022-26519