Lucene search

[email protected]NVD:CVE-2022-43400

HistoryOct 21, 2022 - 2:15 p.m.

CVE-2022-43400

2022-10-2114:15:09

CWE-1390

CWE-287

[email protected]

web.nvd.nist.gov

vulnerability

siveillance video mobile server

active directory

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS

0.003

Percentile

71.8%

JSON

A vulnerability has been identified in Siveillance Video Mobile Server V2022 R2 (All versions < V22.2a (80)). The mobile server component of affected applications improperly handles the log in for Active Directory accounts that are part of Administrators group. This could allow an unauthenticated remote attacker to access the application without a valid account.

Affected configurations

Nvd

Node

siemenssiveillance_video_mobile_serverRange<22.2a\(80\)

VendorProductVersionCPE
siemenssiveillance_video_mobile_server*cpe:2.3:a:siemens:siveillance_video_mobile_server:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
siemens	siveillance_video_mobile_server	*	cpe:2.3:a:siemens:siveillance_video_mobile_server::::::::

References

cert-portal.siemens.com/productcert/pdf/ssa-640732.pdf

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS

0.003

Percentile

71.8%

JSON

Related for NVD:CVE-2022-43400

cve1 cvelist1 cnvd1 ics1 prion1