CVE-2021-22825

Опубликовано: 28 янв. 2022

Источник: nvd

CVSS3: 8

CVSS2: 6

EPSS Низкий

Описание

A CWE-200: Exposure of Sensitive Information to an Unauthorized Actor vulnerability exists that could allow an attacker to access the system with elevated privileges when a privileged account clicks on a malicious URL that compromises the security token. Affected Products: AP7xxxx and AP8xxx with NMC2 (V6.9.6 or earlier), AP7xxx and AP8xxx with NMC3 (V1.1.0.3 or earlier), and APDU9xxx with NMC3 (V1.0.0.28 or earlier)

Ссылки

https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-348-04
Vendor Advisory
https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-348-04
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

Одновременно

cpe:2.3:o:schneider-electric:rack_power_distribution_unit_with_network_management_card_2_firmware:*:*:*:*:*:*:*:*

Версия до 7.0.6 (исключая)

cpe:2.3:h:schneider-electric:rack_power_distribution_unit_with_network_management_card_2:-:*:*:*:*:*:*:*

Конфигурация 2

Одновременно

cpe:2.3:o:schneider-electric:rack_power_distribution_unit_with_network_management_card_3_firmware:*:*:*:*:*:*:*:*

Версия до 1.2.0.2 (исключая)

cpe:2.3:h:schneider-electric:rack_power_distribution_unit_with_network_management_card_3:-:*:*:*:*:*:*:*

EPSS

Процентиль: 59%

0.00379

Низкий

8 High

CVSS3

6 Medium

CVSS2

Дефекты

CWE-200

Связанные уязвимости

GHSA-mfxr-wxm4-4j5r