CVE-2022-29475

2022-10-2517:15:51

CWE-294

[email protected]

web.nvd.nist.gov

abode systems

inc

information disclosure

xfinder

man-in-the-middle

increased privileges

CVSS3

8.1

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS

0.002

Percentile

58.6%

JSON

An information disclosure vulnerability exists in the XFINDER functionality of Abode Systems, Inc. iota All-In-One Security Kit 6.9X and 6.9Z. A specially-crafted man-in-the-middle attack can lead to increased privileges. An attacker can perform a man-in-the-middle attack to trigger this vulnerability.

Affected configurations

Nvd

Node

goabodeiota_all-in-one_security_kit_firmwareMatch6.9z

AND

goabodeiota_all-in-one_security_kitMatch-

Node

goabodeiota_all-in-one_security_kit_firmwareMatch6.9x

AND

goabodeiota_all-in-one_security_kitMatch-

VendorProductVersionCPE
goabodeiota_all-in-one_security_kit_firmware6.9zcpe:2.3:o:goabode:iota_all-in-one_security_kit_firmware:6.9z:*:*:*:*:*:*:*
goabodeiota_all-in-one_security_kit-cpe:2.3:h:goabode:iota_all-in-one_security_kit:-:*:*:*:*:*:*:*
goabodeiota_all-in-one_security_kit_firmware6.9xcpe:2.3:o:goabode:iota_all-in-one_security_kit_firmware:6.9x:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
goabode	iota_all-in-one_security_kit_firmware	6.9z	cpe:2.3:o:goabode:iota_all-in-one_security_kit_firmware:6.9z:::::::*
goabode	iota_all-in-one_security_kit	-	cpe:2.3:h:goabode:iota_all-in-one_security_kit:-:::::::*
goabode	iota_all-in-one_security_kit_firmware	6.9x	cpe:2.3:o:goabode:iota_all-in-one_security_kit_firmware:6.9x:::::::*