Lucene search

[email protected]NVD:CVE-2022-38628

HistoryDec 13, 2022 - 9:15 p.m.

CVE-2022-38628

2022-12-1321:15:11

CWE-384

[email protected]

web.nvd.nist.gov

nortek linear emerge

e3-series

xss vulnerability

local session fixation

privilege escalation

unspecified vectors

6.1 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

0.001 Low

EPSS

Percentile

32.4%

JSON

Nortek Linear eMerge E3-Series 0.32-08f, 0.32-07p, 0.32-07e, 0.32-09c, 0.32-09b, 0.32-09a, and 0.32-08e were discovered to contain a cross-site scripting (XSS) vulnerability which is chained with a local session fixation. This vulnerability allows attackers to escalate privileges via unspecified vectors.

Affected configurations

NVD

Node

niceforyoulinear_emerge_e3_access_controlMatch-

AND

niceforyoulinear_emerge_e3_access_control_firmwareMatch0.32-07e

niceforyoulinear_emerge_e3_access_control_firmwareMatch0.32-07p

niceforyoulinear_emerge_e3_access_control_firmwareMatch0.32-08e

niceforyoulinear_emerge_e3_access_control_firmwareMatch0.32-08f

niceforyoulinear_emerge_e3_access_control_firmwareMatch0.32-09a

niceforyoulinear_emerge_e3_access_control_firmwareMatch0.32-09b

niceforyoulinear_emerge_e3_access_control_firmwareMatch0.32-09c

References

github.com/omarhashem123/Security-Research/blob/main/CVE-2022-38628/CVE-2022-38628.txt

6.1 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

0.001 Low

EPSS

Percentile

32.4%

JSON

Related for NVD:CVE-2022-38628

prion1 cve1 cvelist1