Lucene search

K

[email protected]NVD:CVE-2022-32664

HistoryJan 03, 2023 - 9:15 p.m.

CVE-2022-32664

2023-01-0321:15:12

CWE-77

[email protected]

web.nvd.nist.gov

config manager

command injection

input validation

privilege escalation

user execution

patch id

issue id

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

9 High

AI Score

Confidence

High

0.003 Low

EPSS

Percentile

70.8%

In Config Manager, there is a possible command injection due to improper input validation. This could lead to remote escalation of privilege with User execution privileges needed. User interaction is needed for exploitation. Patch ID: A20220004; Issue ID: OSBNB00140929.

Affected configurations

NVD

Node

mediateklinkit_software_development_kitRange<7.3.293.0

AND

mediateken7516Match-

Node

mediateklinkit_software_development_kitRange<7.3.293.0

AND

mediateken7528Match-

Node

mediateklinkit_software_development_kitRange<7.3.293.0

AND

mediateken7529Match-

Node

mediateklinkit_software_development_kitRange<7.3.293.0

AND

mediateken7561Match-

Node

mediateklinkit_software_development_kitRange<7.3.293.0

AND

mediateken7562Match-

Node

mediateklinkit_software_development_kitRange<7.3.293.0

AND

mediateken7580Match-

References

corp.mediatek.com/product-security-bulletin/January-2023

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

9 High

AI Score

Confidence

High

0.003 Low

EPSS

Percentile

70.8%

Related for NVD:CVE-2022-32664

prion1 cve1 cvelist1