Lucene search

K
nvd[email protected]NVD:CVE-2022-45432
HistoryDec 27, 2022 - 6:15 p.m.

CVE-2022-45432

2022-12-2718:15:10
web.nvd.nist.gov
cve-2022-45432
dahua software
unauthenticated search
firewall bypass
crafted packet
remote dss server

5.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

0.001 Low

EPSS

Percentile

30.7%

Some Dahua software products have a vulnerability of unauthenticated search for devices. After bypassing the firewall access control policy, by sending a specific crafted packet to the vulnerable interface, an attacker could unauthenticated search for devices in range of IPs from remote DSS Server.

Affected configurations

NVD
Node
dahuasecuritydhi-dss7016d-s2_firmwareMatch1.001.0000001.2
OR
dahuasecuritydhi-dss7016d-s2_firmwareMatch8.0.2
OR
dahuasecuritydhi-dss7016d-s2_firmwareMatch8.0.4
OR
dahuasecuritydhi-dss7016d-s2_firmwareMatch8.1
AND
dahuasecuritydhi-dss7016d-s2Match-
Node
dahuasecuritydhi-dss7016dr-s2_firmwareMatch1.001.0000001.2
OR
dahuasecuritydhi-dss7016dr-s2_firmwareMatch8.0.2
OR
dahuasecuritydhi-dss7016dr-s2_firmwareMatch8.0.4
OR
dahuasecuritydhi-dss7016dr-s2_firmwareMatch8.1
AND
dahuasecuritydhi-dss7016dr-s2Match-
Node
dahuasecuritydhi-dss4004-s2_firmwareMatch1.001.0000001.2
OR
dahuasecuritydhi-dss4004-s2_firmwareMatch8.0.2
OR
dahuasecuritydhi-dss4004-s2_firmwareMatch8.0.4
OR
dahuasecuritydhi-dss4004-s2_firmwareMatch8.1
AND
dahuasecuritydhi-dss4004-s2Match-
Node
dahuasecuritydss_expressMatch7.002.1760000.2
OR
dahuasecuritydss_expressMatch8.0.2
OR
dahuasecuritydss_expressMatch8.0.4
OR
dahuasecuritydss_expressMatch8.1
OR
dahuasecuritydss_expressMatch8.1.1
OR
dahuasecuritydss_professionalMatch7.002.1760000.2
OR
dahuasecuritydss_professionalMatch8.0.2
OR
dahuasecuritydss_professionalMatch8.0.4
OR
dahuasecuritydss_professionalMatch8.1
OR
dahuasecuritydss_professionalMatch8.1.1
AND
microsoftwindowsMatch-

5.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

0.001 Low

EPSS

Percentile

30.7%

Related for NVD:CVE-2022-45432