Lucene search

[email protected]NVD:CVE-2022-43470

HistoryDec 05, 2022 - 4:15 a.m.

CVE-2022-43470

2022-12-0504:15:10

CWE-352

[email protected]

web.nvd.nist.gov

cross-site request forgery

software vulnerability

adjacent attacker

hijack authentication

administrator

reset configuration

7.3 High

CVSS3

Attack Vector

ADJACENT

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H

0.001 Low

EPSS

Percentile

21.8%

JSON

Cross-site request forgery (CSRF) vulnerability in +F FS040U software versions v2.3.4 and earlier, +F FS020W software versions v4.0.0 and earlier, +F FS030W software versions v3.3.5 and earlier, and +F FS040W software versions v1.4.1 and earlier allows an adjacent attacker to hijack the authentication of an administrator and user’s unintended operations such as to reboot the product and/or reset the configuration to the initial set-up may be performed.

Affected configurations

NVD

Node

fsifs040u_firmwareRange≤2.3.4

AND

fsifs040uMatch-

Node

fsifs020w_firmwareRange≤4.0.0

AND

fsifs020wMatch-

Node

fsifs030w_firmwareRange≤3.3.5

AND

fsifs030wMatch-

Node

fsifs040w_firmwareRange≤1.4.1

AND

fsifs040wMatch-

References

jvn.jp/en/jp/JVN74285622/index.html

www.fsi.co.jp/mobile/plusF/news/22102801.html

www.fsi.co.jp/mobile/plusF/news/22102802.html

www.fsi.co.jp/mobile/plusF/news/22102803.html

www.fsi.co.jp/mobile/plusF/news/22102804.html

7.3 High

CVSS3

Attack Vector

ADJACENT

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H

0.001 Low

EPSS

Percentile

21.8%

JSON

Related for NVD:CVE-2022-43470

cvelist1 prion1 cve1 jvn1