cvelist | CERTVDE | CVELIST:CVE-2022-3485
History: Dec 12, 2022 - 11:39 a.m.

CVE-2022-3485 Weak Password Recovery in ifm moneo appliance

2022-12-12 11:39:32
CWE-640
CERTVDE
www.cve.org
cve-2022-3485
weak password recovery
ifm moneo appliance
unauthenticated remote attacker
administrator password reset
serial number
full control

CVSS3: 9.8
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score: 9.9
Confidence: High

EPSS: 0.004
Percentile: 72.7%

In IFM Moneo Appliance versions up to 1.9.3, an unauthenticated remote attacker can reset the administrator password by supplying only the serial number, and thus gain full control of the device.

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "moneo appliance",
    "vendor": "ifm",
    "versions": [
      {
        "lessThanOrEqual": "1.9.3",
        "status": "affected",
        "version": "0",
        "versionType": "semver"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "moneo appliance",
    "vendor": "ifm",
    "versions": [
      {
        "lessThanOrEqual": "1.9.3",
        "status": "affected",
        "version": "0",
        "versionType": "semver"
      }
    ]
  }
]
