exploitDog

CVE-2022-3372

Опубликовано: 21 июн. 2023

Источник: nvd

CVSS3: 8.8

EPSS Низкий

Описание

There is a CSRF vulnerability on Netman-204 version 02.05. An attacker could manage to change administrator passwords through a Cross Site Request Forgery due to the lack of proper validation on the CRSF token. This vulnerability could allow a remote attacker to access the administrator panel, being able to modify different parameters that are critical for industrial operations.

Ссылки

https://www.incibe.es/en/incibe-cert/notices/aviso-sci/cross-site-request-forgery-csrf-riello-ups-netman-204
Third Party Advisory
https://www.incibe.es/en/incibe-cert/notices/aviso-sci/cross-site-request-forgery-csrf-riello-ups-netman-204
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

Одновременно

cpe:2.3:o:riello-ups:netman_204_firmware:02.05:*:*:*:*:*:*:*

cpe:2.3:h:riello-ups:netman_204:-:*:*:*:*:*:*:*

EPSS

Процентиль: 43%

0.0021

Низкий

8.8 High

CVSS3

Дефекты

CWE-352

CWE-352

Связанные уязвимости

GHSA-gjhf-g3gr-6f2m

CVSS3: 8.8

github

больше 2 лет назад

There is a CSRF vulnerability on Netman-204 version 02.05. An attacker could manage to change administrator passwords through a Cross Site Request Forgery due to the lack of proper validation on the CRSF token. This vulnerability could allow a remote attacker to access the administrator panel, being able to modify different parameters that are critical for industrial operations.

EPSS

Процентиль: 43%

0.0021

Низкий

8.8 High

CVSS3

Дефекты

CWE-352

CWE-352