Lucene search

[email protected]NVD:CVE-2022-30605

HistoryAug 22, 2022 - 7:15 p.m.

CVE-2022-30605

2022-08-2219:15:10

CWE-384

[email protected]

web.nvd.nist.gov

vulnerability

privilege escalation

session id

http request

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

EPSS

0.002

Percentile

59.5%

JSON

A privilege escalation vulnerability exists in the session id functionality of WWBN AVideo 11.6 and dev master commit 3f7c0364. A specially-crafted HTTP request can lead to increased privileges. An attacker can get an authenticated user to send a crafted HTTP request to trigger this vulnerability.

Affected configurations

Nvd

Node

wwbnavideoMatch11.6

VendorProductVersionCPE
wwbnavideo11.6cpe:2.3:a:wwbn:avideo:11.6:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
wwbn	avideo	11.6	cpe:2.3:a:wwbn:avideo:11.6:::::::*

References

github.com/WWBN/AVideo/blob/e04b1cd7062e16564157a82bae389eedd39fa088/updatedb/updateDb.v12.0.sql

talosintelligence.com/vulnerability_reports/TALOS-2022-1535

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

EPSS

0.002

Percentile

59.5%

JSON

Related for NVD:CVE-2022-30605

osv1 cvelist1 prion1 talos1 cve1 talosblog1