Lucene search
TalosCVELIST:CVE-2022-38088HistoryJan 26, 2023 - 9:24 p.m.
CVE-2022-38088
2023-01-2621:24:49
CWE-22
talos
www.cve.org
8
directory traversal
siretta quartz-gold
arbitrary file read
http request
vulnerability
CVSS3
4.9
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
HIGH
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
EPSS
0.001
Percentile
33.4%
A directory traversal vulnerability exists in the httpd downfile.cgi functionality of Siretta QUARTZ-GOLD G5.0.1.5-210720-141020. A specially-crafted HTTP request can lead to arbitrary file read. An attacker can send an HTTP request to trigger this vulnerability.
CNA Affected
[
{
"vendor": "Siretta",
"product": "QUARTZ-GOLD",
"versions": [
{
"version": "G5.0.1.5-210720-141020",
"status": "affected"
}
]
}
]Related
vulnrichment
vulnrichment
CVE-2022-38088
2023-01-26 21:24:49
nvd
nvd
CVE-2022-38088
2023-01-26 22:15:13
talos
talos
Siretta QUARTZ-GOLD httpd downfile.cgi directory traversal vulnerability
2023-01-26 00:00:00
cnvd
cnvd
Siretta QUARTZ-GOLD Directory Traversal Vulnerability (CNVD-2023-17077)
2023-01-30 00:00:00
cve
cve
CVE-2022-38088
2023-01-26 22:15:13
prion
prion
Directory traversal
2023-01-26 22:15:00
CVSS3
4.9
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
HIGH
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
EPSS
0.001
Percentile
33.4%
Related for CVELIST:CVE-2022-38088