exploitDog

CVE-2022-40494

Опубликовано: 06 окт. 2022

Источник: nvd

CVSS3: 9.8

EPSS Средний

Описание

NPS before v0.26.10 was discovered to contain an authentication bypass vulnerability via constantly generating and sending the Auth key and Timestamp parameters.

Ссылки

https://blog.carrot2.cn/2022/08/cve-2022-40494.html
Exploit
Third Party Advisory
https://github.com/1security/Vulnerability/blob/main/web/nps/1.md
Broken Link
https://blog.carrot2.cn/2022/08/cve-2022-40494.html
Exploit
Third Party Advisory
https://github.com/1security/Vulnerability/blob/main/web/nps/1.md
Broken Link

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:ehang-io:nps:*:*:*:*:*:*:*:*

Версия от 0.19.0 (включая) до 0.26.10 (включая)

EPSS

Процентиль: 94%

0.14899

Средний

9.8 Critical

CVSS3

Дефекты

CWE-287

Связанные уязвимости

GHSA-xfw6-m86r-mwwx

CVSS3: 9.8

github

больше 3 лет назад

NPS before v0.26.10 was discovered to contain an authentication bypass vulnerability via constantly generating and sending the Auth key and Timestamp parameters.

EPSS

Процентиль: 94%

0.14899

Средний

9.8 Critical

CVSS3

Дефекты

CWE-287