Lucene search

[email protected]NVD:CVE-2022-26668

HistoryJun 20, 2022 - 6:15 a.m.

CVE-2022-26668

2022-06-2006:15:08

CWE-269

CWE-863

[email protected]

web.nvd.nist.gov

cve-2022-26668

asus control center

access control

vulnerability

unauthenticated remote attacker

privileged api

system operations

disrupt of service

CVSS2

6.4

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:P/A:P

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L

EPSS

0.002

Percentile

51.4%

JSON

ASUS Control Center API has a broken access control vulnerability. An unauthenticated remote attacker can call privileged API functions to perform partial system operations or cause partial disrupt of service.

Affected configurations

Nvd

Node

asuscontrol_centerMatch1.4.2.5

VendorProductVersionCPE
asuscontrol_center1.4.2.5cpe:2.3:a:asus:control_center:1.4.2.5:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
asus	control_center	1.4.2.5	cpe:2.3:a:asus:control_center:1.4.2.5:::::::*

References

www.twcert.org.tw/tw/cp-132-6055-c6500-1.html

CVSS2

6.4

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:P/A:P

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L

EPSS

0.002

Percentile

51.4%

JSON

Related for NVD:CVE-2022-26668

prion1 cve1 cvelist1