Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nvd[email protected]NVD:CVE-2022-1399
HistoryAug 17, 2022 - 12:15 a.m.

CVE-2022-1399

2022-08-1700:15:08
CWE-88
[email protected]
web.nvd.nist.gov
1
argument injection
modification
discovery component
device42 cmdb
local attacker
arbitrary code
root privileges
cve-2022-1399

CVSS3

9.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H

EPSS

0.001

Percentile

41.4%

JSON

An Argument Injection or Modification vulnerability in the “Change Secret” username field as used in the Discovery component of Device42 CMDB allows a local attacker to run arbitrary code on the appliance with root privileges. This issue affects: Device42 CMDB version 18.01.00 and prior versions.

Affected configurations

Nvd
Node
device42cmdbRange<18.01.00
VendorProductVersionCPE
device42cmdb*cpe:2.3:a:device42:cmdb:*:*:*:*:*:*:*:*

Related

prion 1
cvelist 1
cve 1
thn 1
prion
prion
Design/Logic Flaw
2022-08-17 00:15:00
cvelist
cvelist
CVE-2022-1399 Remote code execution in scheduled tasks component
2022-08-16 23:20:10
cve
cve
CVE-2022-1399
2022-08-17 00:15:08
thn
thn
Critical Flaws Disclosed in Device42 IT Asset Management Software
2022-08-11 09:23:00

CVSS3

9.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H

EPSS

0.001

Percentile

41.4%

JSON
Related for NVD:CVE-2022-1399
prion1cvelist1cve1thn1