Lucene search

[email protected]NVD:CVE-2022-45938

HistoryJun 02, 2023 - 4:15 a.m.

CVE-2022-45938

2023-06-0204:15:47

CWE-79

[email protected]

web.nvd.nist.gov

comcast

microeisbss

2021

xss

rce

remote code execution

privilege escalation

device id field

inventory management

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H

AI Score

9.1

Confidence

High

EPSS

0.002

Percentile

57.7%

JSON

An issue was discovered in Comcast Defined Technologies microeisbss through 2021. An attacker can inject a stored XSS payload in the Device ID field under Inventory Management to achieve Remote Code Execution and privilege escalation…

Affected configurations

Nvd

Node

xfinitycomcast_defined_technologies_microeisbssRange≤2021

VendorProductVersionCPE
xfinitycomcast_defined_technologies_microeisbss*cpe:2.3:a:xfinity:comcast_defined_technologies_microeisbss:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
xfinity	comcast_defined_technologies_microeisbss	*	cpe:2.3:a:xfinity:comcast_defined_technologies_microeisbss::::::::

References

my.xfinity.com/vulnerabilityreport

pensecure.medium.com/cve-2022-45938-f4c0d441da6f

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H

AI Score

9.1

Confidence

High

EPSS

0.002

Percentile

57.7%

JSON

Related for NVD:CVE-2022-45938

cvelist1 prion1 cve1