Lucene search

[email protected]NVD:CVE-2022-43448

HistoryJan 03, 2023 - 3:15 a.m.

CVE-2022-43448

2023-01-0303:15:10

CWE-787

[email protected]

web.nvd.nist.gov

vulnerability

out-of-bounds write

v-sft

tellus

local attacker

information disclosure

arbitrary code

image file

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

EPSS

0.001

Percentile

31.6%

JSON

Out-of-bounds write vulnerability in V-SFT v6.1.7.0 and earlier and TELLUS v4.0.12.0 and earlier allows a local attacker to obtain the information and/or execute arbitrary code by having a user to open a specially crafted image file.

Affected configurations

Nvd

Node

fujielectrictellusRange<4.0.15.0

fujielectricv-sftRange<6.1.8.0

VendorProductVersionCPE
fujielectrictellus*cpe:2.3:a:fujielectric:tellus:*:*:*:*:*:*:*:*
fujielectricv-sft*cpe:2.3:a:fujielectric:v-sft:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
fujielectric	tellus	*	cpe:2.3:a:fujielectric:tellus::::::::
fujielectric	v-sft	*	cpe:2.3:a:fujielectric:v-sft::::::::

References

jvn.jp/en/vu/JVNVU90679513/index.html

monitouch.fujielectric.com/site/download-e/09vsft6_inf/index.php

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

EPSS

0.001

Percentile

31.6%

JSON

Related for NVD:CVE-2022-43448

cvelist1 cve1 prion1