Lucene search

HoneywellCVELIST:CVE-2022-43485

HistoryMay 30, 2023 - 4:19 p.m.

CVE-2022-43485 Insecure random number used for generating keys for signing Jwt tokens

2023-05-3016:19:24

CWE-330

Honeywell

www.cve.org

cve-2022-43485

insecure random number

jwt token manipulation

onewireless vulnerability

version 322.1

6.2 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:N/I:H/A:N

0.001 Low

EPSS

Percentile

24.0%

JSON

Use of Insufficiently Random Values in Honeywell OneWireless. This vulnerability may allow attacker to manipulate claims in client’s JWT token. This issue affects OneWireless version 322.1

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "OneWireless",
    "vendor": "Honeywell",
    "versions": [
      {
        "status": "affected",
        "version": "322.1"
      }
    ]
  }
]

References

process.honeywell.com/

6.2 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:N/I:H/A:N

0.001 Low

EPSS

Percentile

24.0%

JSON

Related for CVELIST:CVE-2022-43485