Lucene search

TwcertCVELIST:CVE-2022-39032

HistorySep 28, 2022 - 3:25 a.m.

CVE-2022-39032 Smart eVision - Improper Privilege Management

2022-09-2803:25:37

CWE-269

twcert

www.cve.org

smart evision

privilege management

vulnerability

escalation

administrator privilege

arbitrary system command

disrupt service

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

AI Score

9.1

Confidence

High

EPSS

0.003

Percentile

68.3%

JSON

Smart eVision has an improper privilege management vulnerability. A remote attacker with general user privilege can exploit this vulnerability to escalate to administrator privilege, and then perform arbitrary system command or disrupt service.

CNA Affected

[
  {
    "product": "Smart eVision",
    "vendor": "Smart eVision Information Technology Inc.",
    "versions": [
      {
        "status": "affected",
        "version": "2022.02.21"
      }
    ]
  }
]

References

www.twcert.org.tw/tw/cp-132-6569-9fcf4-1.html

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

AI Score

9.1

Confidence

High

EPSS

0.003

Percentile

68.3%

JSON

Related for CVELIST:CVE-2022-39032