Lucene search

SecomeaCVELIST:CVE-2022-38125

HistoryApr 19, 2023 - 11:58 a.m.

CVE-2022-38125 FTP Agent forwards traffic on inactive ports to LinkManager

2023-04-1911:58:14

CWE-923

Secomea

www.cve.org

improper restriction

communication channel

exploiting trust

secomea sitemanager

linkmanager

2.9 Low

CVSS3

Attack Vector

ADJACENT

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N

5.7 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

9.1%

JSON

Improper Restriction of Communication Channel to Intended Endpoints vulnerability in Secomea SiteManager (FTP Agent modules) allows Exploiting Trust in Client.

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "modules": [
      "FTP Agent"
    ],
    "product": "SiteManager",
    "vendor": "Secomea",
    "versions": [
      {
        "lessThanOrEqual": "10.0",
        "status": "affected",
        "version": "5.0",
        "versionType": "custom"
      }
    ]
  }
]

References

www.secomea.com/support/cybersecurity-advisory/

2.9 Low

CVSS3

Attack Vector

ADJACENT

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N

5.7 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

9.1%

JSON

Related for CVELIST:CVE-2022-38125