NVD:CVE-2022-42787
History: Nov 10, 2022 - 12:15 p.m.

CVE-2022-42787

2022-11-10 12:15:10
CWE-330
web.nvd.nist.gov
w&t
comserver
session id
brute force
user interaction

CVSS3: 8.8 High

Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: REQUIRED
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

EPSS: 0.003 Low
Percentile: 70.5%

Multiple W&T products of the Comserver Series use a small number space for allocating session IDs. After a user logs in, an unauthenticated remote attacker can brute force the user's session ID and get access to the user's account on the device. As the user needs to log in for the attack to be successful, user interaction is required.

Affected configurations

NVD

Node: wut at-modem-emulator (Match: -) AND wut at-modem-emulator_firmware (Range: < 1.48)
Node: wut com-server_++ (Match: -) AND wut com-server_++_firmware (Range: < 1.48)
Node: wut com-server_20ma (Match: -) AND wut com-server_20ma_firmware (Range: < 1.48)
Node: wut com-server_highspeed_100basefx (Match: -) AND wut com-server_highspeed_100basefx_firmware (Range: < 1.76)
Node: wut com-server_highspeed_100baselx (Match: -) AND wut com-server_highspeed_100baselx_firmware (Range: < 1.76)
Node: wut com-server_highspeed_19"_1port (Match: -) AND wut com-server_highspeed_19"_1port_firmware (Range: < 1.76)
Node: wut com-server_highspeed_19"_4port (Match: -) AND wut com-server_highspeed_19"_4port_firmware (Range: < 1.76)
Node: wut com-server_highspeed_compact (Match: -) AND wut com-server_highspeed_compact_firmware (Range: < 1.76)
Node: wut com-server_highspeed_industry_firmware (Range: < 1.76) AND wut com-server_highspeed_industry (Match: -)
Node: wut com-server_highspeed_isolated_firmware (Range: < 1.76) AND wut com-server_highspeed_isolated (Match: -)
Node: wut com-server_highspeed_oem_firmware (Range: < 1.76) AND wut com-server_highspeed_oem (Match: -)
Node: wut com-server_highspeed_office_1port_firmware (Range: < 1.76) AND wut com-server_highspeed_office_1port (Match: -)
Node: wut com-server_highspeed_office_4port_firmware (Range: < 1.76) AND wut com-server_highspeed_office_4port (Match: -)
Node: wut com-server_highspeed_poe_firmware (Range: < 1.76) AND wut com-server_highspeed_poe (Match: -)
Node: wut com-server_highspeed_lc_firmware (Range: < 1.48) AND wut com-server_highspeed_lc (Match: -)
Node: wut com-server_highspeed_ul_firmware (Range: < 1.48) AND wut com-server_highspeed_ul (Match: -)
Node: wut com-server_highspeed_poe_3x_isolated_firmware (Range: < 1.48) AND wut com-server_highspeed_poe_3x_isolated (Match: -)
