Lucene search

TwcertCVELIST:CVE-2022-39059

HistoryJan 31, 2023 - 12:00 a.m.

CVE-2022-39059 ChangingTec MegaServiSignAdapter - Path Traversal

2023-01-3100:00:00

CWE-22

twcert

www.cve.org

changingtec megaservisignadapter

path traversal

vulnerability

file reading

remote attacker

system files

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

0.002 Low

EPSS

Percentile

58.8%

JSON

ChangingTech MegaServiSignAdapter component has a path traversal vulnerability within its file reading function. An unauthenticated remote attacker can exploit this vulnerability to access arbitrary system files.

CNA Affected

[
  {
    "vendor": "ChangingTec",
    "product": "MegaServiSignAdapter",
    "versions": [
      {
        "version": "1.0.17.0823",
        "status": "affected"
      }
    ],
    "platforms": [
      "Windows"
    ]
  }
]

References

www.twcert.org.tw/tw/cp-132-6886-2c546-1.html

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

0.002 Low

EPSS

Percentile

58.8%

JSON

Related for CVELIST:CVE-2022-39059