Lucene search

TwcertCVELIST:CVE-2022-26668

HistoryJun 20, 2022 - 5:30 a.m.

CVE-2022-26668 ASUS Control Center - Broken Access Control

2022-06-2005:30:29

CWE-269

twcert

www.cve.org

asus

control center

api

broken access control

vulnerability

unauthenticated

remote attacker

privileged api functions

partial system operations

service disruption

CVSS3

7.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

EPSS

0.002

Percentile

51.4%

JSON

ASUS Control Center API has a broken access control vulnerability. An unauthenticated remote attacker can call privileged API functions to perform partial system operations or cause partial disrupt of service.

CNA Affected

[
  {
    "product": "Control Center",
    "vendor": "ASUS",
    "versions": [
      {
        "status": "affected",
        "version": "1.4.2.5"
      }
    ]
  }
]

References

www.twcert.org.tw/tw/cp-132-6055-c6500-1.html

CVSS3

7.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

EPSS

0.002

Percentile

51.4%

JSON

Related for CVELIST:CVE-2022-26668