Lucene search

[email protected]NVD:CVE-2022-36642

HistorySep 02, 2022 - 10:15 p.m.

CVE-2022-36642

2022-09-0222:15:08

CWE-862

[email protected]

web.nvd.nist.gov

file disclosure

telos alliance omnia

user credentials

unauthorized access

lfd vulnerability

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

0.725 High

EPSS

Percentile

98.1%

JSON

A local file disclosure vulnerability in /appConfig/userDB.json of Telos Alliance Omnia MPX Node through 1.0.0-1.4.9 allows attackers to access users credentials which makes him able to gain initial access to the control panel with high privilege because the cleartext storage of sensitive information which can be unlatched by exploiting the LFD vulnerability.

Affected configurations

NVD

Node

telosallianceomnia_mpx_node_firmwareRange1.0.0–1.5.0

telosallianceomnia_mpx_node_firmwareMatch1.5.0-

telosallianceomnia_mpx_node_firmwareMatch1.5.0r1

AND

telosallianceomnia_mpx_nodeMatch-

References

cyber-guy.gitbook.io/cyber-guy/pocs/omnia-node-mpx-auth-bypass-via-lfd

cyber-guy.gitbook.io/cyber-guys-blog/blogs/bypassing-mpx-node-authentication-firmware-analysis

drive.google.com/drive/folders/1jm9h8JNmezTt7AbHYRY7gPC4lXGDNklL

www.exploit-db.com/exploits/50996

www.telosalliance.com/radio-processing/audio-interfaces/omnia-mpx-node

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

0.725 High

EPSS

Percentile

98.1%

JSON

Related for NVD:CVE-2022-36642

cve1 nuclei1 cvelist1 prion1