Lucene search

INCIBECVELIST:CVE-2022-47892

HistoryOct 03, 2023 - 11:27 a.m.

CVE-2022-47892 Information disclosure in NetMan 204

2023-10-0311:27:05

CWE-200

INCIBE

www.cve.org

netman 204

cve-2022-47892

information disclosure

remote attacker

file read

sensitive information

credentials

5.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

8.2 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

44.6%

JSON

All versions of NetMan 204 could allow an unauthenticated remote attacker to read a file (config.cgi) containing sensitive information, like credentials.

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "Netman-204",
    "vendor": "Riello UPS",
    "versions": [
      {
        "lessThanOrEqual": "all versions",
        "status": "affected",
        "version": "0",
        "versionType": "custom"
      }
    ]
  }
]

References

www.incibe.es/incibe-cert/alerta-temprana/avisos-sci/multiples-vulnerabilidades-netman-204-riello-ups

5.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

8.2 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

44.6%

JSON

Related for CVELIST:CVE-2022-47892