exploitDog

CVE-2022-45562

Опубликовано: 02 дек. 2022

Источник: nvd

CVSS3: 8.8

EPSS Низкий

Описание

Insecure permissions in Telos Alliance Omnia MPX Node v1.0.0 to v1.4.9 allow attackers to manipulate and access system settings with backdoor account low privilege, this can lead to change hardware settings and execute arbitrary commands in vulnerable system functions that is requires high privilege to access.

Ссылки

https://cyber-guy.gitbook.io/cyber-guys-blog/pocs/cve-2022-45562
Exploit
Third Party Advisory
https://cyber-guy.gitbook.io/cyber-guys-blog/pocs/cve-2022-45562
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

Одновременно

cpe:2.3:o:telosalliance:omnia_mpx_node_firmware:*:*:*:*:*:*:*:*

Версия от 1.0.0 (включая) до 1.4.9 (включая)

cpe:2.3:h:telosalliance:omnia_mpx_node:-:*:*:*:*:*:*:*

EPSS

Процентиль: 48%

0.00249

Низкий

8.8 High

CVSS3

Дефекты

CWE-276

CWE-276

Связанные уязвимости

GHSA-5v2x-f677-rw5j

CVSS3: 8.8

github

около 3 лет назад

Insecure permissions in Telos Alliance Omnia MPX Node v1.0.0 to v1.4.9 allow attackers to manipulate and access system settings with backdoor account low privilege, this can lead to change hardware settings and execute arbitrary commands in vulnerable system functions that is requires high privilege to access.

EPSS

Процентиль: 48%

0.00249

Низкий

8.8 High

CVSS3

Дефекты

CWE-276

CWE-276