Lucene search

SecomeaCVELIST:CVE-2022-4308

HistoryApr 19, 2023 - 11:56 a.m.

CVE-2022-4308 Clear-text passwords in configuration files

2023-04-1911:56:32

CWE-256

Secomea

www.cve.org

cve-2022-4308

clear-text passwords

secomea gatemanager

authentication abuse

sitemanager

plaintext storage

6.1 Medium

CVSS3

Attack Vector

PHYSICAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H

8.9 High

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

9.0%

JSON

Plaintext Storage of a Password vulnerability in Secomea GateManager (USB wizard) allows Authentication abuse on SiteManager, if the generated file is leaked.

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "modules": [
      "USB wizard"
    ],
    "platforms": [
      "Linux"
    ],
    "product": "GateManager",
    "vendor": "Secomea",
    "versions": [
      {
        "lessThan": "10.1",
        "status": "affected",
        "version": "5.0",
        "versionType": "custom"
      }
    ]
  }
]

References

www.secomea.com/support/cybersecurity-advisory/

6.1 Medium

CVSS3

Attack Vector

PHYSICAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H

8.9 High

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

9.0%

JSON

Related for CVELIST:CVE-2022-4308