Lucene search

INCDCVELIST:CVE-2022-36780

HistorySep 11, 2022 - 12:00 a.m.

CVE-2022-36780 Avdor CIS - crystal quality Credentials Management Errors

2022-09-1100:00:00

INCD

www.cve.org

avdor cis

crystal quality

credentials management

errors

phone call recorder

crafted url

recorded calls

authenticate

crafted url

system

security vulnerability

4.9 Medium

CVSS3

Attack Vector

ADJACENT

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

LOW

CVSS:3.1/AV:A/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L

5.6 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

42.1%

JSON

Avdor CIS - crystal quality Credentials Management Errors. The product is phone call recorder, you can hear all the recorded calls without authenticate to the system. Attacker sends crafted URL to the system: ip:port//V=2;ChannellD=number;Ext=number;Command=startLM;Client=number;Request=number;R=number number - id of the recorded number.

CNA Affected

[
  {
    "product": "crystal quality",
    "vendor": "Avdor CIS",
    "versions": [
      {
        "lessThan": "unspecified",
        "status": "affected",
        "version": "Update to the latest version",
        "versionType": "custom"
      }
    ]
  }
]

References

www.gov.il/en/Departments/faq/cve_advisories