Lucene search

TalosCVELIST:CVE-2022-33938

HistoryOct 25, 2022 - 4:33 p.m.

CVE-2022-33938

2022-10-2516:33:58

CWE-134

talos

www.cve.org

vulnerability

format string injection

abode systems inc

memory corruption

information disclosure

denial of service

xcmd

xml payload

CVSS3

8.2

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H

AI Score

9.4

Confidence

High

EPSS

0.003

Percentile

68.8%

JSON

A format string injection vulnerability exists in the ghome_process_control_packet functionality of Abode Systems, Inc. iota All-In-One Security Kit 6.9Z and 6.9X. A specially-crafted XCMD can lead to memory corruption, information disclosure and denial of service. An attacker can send a malicious XML payload to trigger this vulnerability.

CNA Affected

[
  {
    "vendor": "abode systems, inc.",
    "product": "iota All-In-One Security Kit",
    "versions": [
      {
        "version": "6.9X",
        "status": "affected"
      },
      {
        "version": "6.9Z",
        "status": "affected"
      }
    ]
  }
]

References

talosintelligence.com/vulnerability_reports/TALOS-2022-1584

CVSS3

8.2

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H

AI Score

9.4

Confidence

High

EPSS

0.003

Percentile

68.8%

JSON

Related for CVELIST:CVE-2022-33938