CVE-2022-45778
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS
Percentile
53.4%
https://www.hillstonenet.com.cn/ Hillstone Firewall SG-6000 <= 5.0.4.0 is vulnerable to Incorrect Access Control. There is a permission bypass vulnerability in the Hillstone WEB application firewall. An attacker can enter the background of the firewall with super administrator privileges through a configuration error in report.m.
Affected configurations
| Vendor | Product | Version | CPE |
|---|---|---|---|
| hillstonenet | sc-6000-wv02_firmware | * | cpe:2.3:o:hillstonenet:sc-6000-wv02_firmware:*:*:*:*:*:*:*:* |
| hillstonenet | sc-6000-wv02 | - | cpe:2.3:h:hillstonenet:sc-6000-wv02:-:*:*:*:*:*:*:* |
| hillstonenet | sc-6000-wv04_firmware | * | cpe:2.3:o:hillstonenet:sc-6000-wv04_firmware:*:*:*:*:*:*:*:* |
| hillstonenet | sc-6000-wv04 | - | cpe:2.3:h:hillstonenet:sc-6000-wv04:-:*:*:*:*:*:*:* |
| hillstonenet | sc-6000-wv08_firmware | * | cpe:2.3:o:hillstonenet:sc-6000-wv08_firmware:*:*:*:*:*:*:*:* |
| hillstonenet | sc-6000-wv08 | - | cpe:2.3:h:hillstonenet:sc-6000-wv08:-:*:*:*:*:*:*:* |
| hillstonenet | sc-6000-wv12_firmware | * | cpe:2.3:o:hillstonenet:sc-6000-wv12_firmware:*:*:*:*:*:*:*:* |
| hillstonenet | sc-6000-wv12 | - | cpe:2.3:h:hillstonenet:sc-6000-wv12:-:*:*:*:*:*:*:* |
Related
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS
Percentile
53.4%