exploitDog

CVE-2022-45482

Опубликовано: 02 дек. 2022

Источник: nvd

CVSS3: 9.8

EPSS Низкий

Описание

Lazy Mouse server enforces weak password requirements and doesn't implement rate limiting, allowing remote unauthenticated users to easily and quickly brute force the PIN and execute arbitrary commands. CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Ссылки

https://www.synopsys.com/blogs/software-security/cyrc-advisory-remote-code-execution-vulnerabilities-mouse-keyboard-apps/
Third Party Advisory
https://www.synopsys.com/blogs/software-security/cyrc-advisory-remote-code-execution-vulnerabilities-mouse-keyboard-apps/
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:lazy_mouse_project:lazy_mouse:*:*:*:*:*:*:*:*

Версия до 2.0.1 (включая)

EPSS

Процентиль: 83%

0.01856

Низкий

9.8 Critical

CVSS3

Дефекты

CWE-521

CWE-521

Связанные уязвимости

GHSA-2wh4-9v67-69x7

CVSS3: 9.8

github

около 3 лет назад

Lazy Mouse server enforces weak password requirements and doesn't implement rate limiting, allowing remote unauthenticated users to easily and quickly brute force the PIN and execute arbitrary commands. CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS

Процентиль: 83%

0.01856

Низкий

9.8 Critical

CVSS3

Дефекты

CWE-521

CWE-521

Уязвимость CVE-2022-45482