Lucene search
HistoryJul 17, 2022 - 11:15 p.m.
CVE-2022-26479
poly eagleeye director
unauthorized access
api calls
authentication
CVSS3
9.8
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS
0.003
Percentile
68.3%
An issue was discovered in Poly EagleEye Director II before 2.2.2.1. Existence of a certain file (which can be created via an rsync backdoor) causes all API calls to execute as admin without authentication.
Affected configurations
Node
polyeagleeye_director_ii_firmwareRange<2.2.2.1
polyeagleeye_director_iiMatch-
| Vendor | Product | Version | CPE |
|---|---|---|---|
| poly | eagleeye_director_ii_firmware | * | cpe:2.3:o:poly:eagleeye_director_ii_firmware:*:*:*:*:*:*:*:* |
| poly | eagleeye_director_ii | - | cpe:2.3:h:poly:eagleeye_director_ii:-:*:*:*:*:*:*:* |
Related
cvelist
cvelist
CVE-2022-26479
2022-07-17 22:01:38
cve
cve
CVE-2022-26479
2022-07-17 23:15:08
prion
prion
Authentication flaw
2022-07-17 23:15:00
zdt
zdt
packetstorm
packetstorm
Poly EagleEye Director II 2.2.1.1 Command Injection / Authentication Bypass
2022-06-06 00:00:00
CVSS3
9.8
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS
0.003
Percentile
68.3%
Related for NVD:CVE-2022-26479