CVE-2022-1077

A vulnerability was found in TEM FLEX-1080 and FLEX-1085 1.6.0. It has been declared as problematic. This vulnerability log.cgi of the component Log Handler. A direct request leads to information disclosure of hardware information. The attack can be initiated remotely and does not require any form of authentication.

CVSS v3 7.5 HIGH
CVSS v2.0 5.0 MEDIUM

7.5^/10

CVSS v3 : HIGH

Vector :

Exploitability : 3.9 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

5.0^/10

CVSS v2.0 : MEDIUM

Vector : AV:N/AC:L/Au:N/C:P/I:N/A:N

Exploitability : 10.0 / Impact : 2.9

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact NONE

References

Link	Resource
https://vuldb.com/?id.194848	Third Party Advisory

Configurations

Configuration 1 (hide)

AND

cpe:2.3:o:tem:flex-1085_firmware:1.6.0:*:*:*:*:*:*:*

cpe:2.3:h:tem:flex-1085:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND

cpe:2.3:o:tem:flex-1080_firmware:1.6.0:*:*:*:*:*:*:*

cpe:2.3:h:tem:flex-1080:-:*:*:*:*:*:*:*

History

27 Jun 2023, 16:38

Type	Values Removed	Values Added
CWE	~~CWE-200~~	CWE-425

Information

Published : 2022-03-29 06:15

Updated : 2024-02-28 19:09

NVD link : CVE-2022-1077

Mitre link : CVE-2022-1077

CVE.ORG link : CVE-2022-1077

JSON object : View

Products Affected

tem

flex-1080
flex-1085
flex-1085_firmware
flex-1080_firmware

CWE

CWE-425

Direct Request ('Forced Browsing')

CWE-200

Exposure of Sensitive Information to an Unauthorized Actor

{"id": "CVE-2022-1077", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 5.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 3.9}, {"type": "Secondary", "source": "cna@vuldb.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "impactScore": 1.4, "exploitabilityScore": 3.9}]}, "published": "2022-03-29T06:15:07.507", "references": [{"url": "https://vuldb.com/?id.194848", "tags": ["Third Party Advisory"], "source": "cna@vuldb.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-425"}]}, {"type": "Secondary", "source": "cna@vuldb.com", "description": [{"lang": "en", "value": "CWE-200"}]}], "descriptions": [{"lang": "en", "value": "A vulnerability was found in TEM FLEX-1080 and FLEX-1085 1.6.0. It has been declared as problematic. This vulnerability log.cgi of the component Log Handler. A direct request leads to information disclosure of hardware information. The attack can be initiated remotely and does not require any form of authentication."}, {"lang": "es", "value": "Se ha encontrado una vulnerabilidad en TEM FLEX-1080 y FLEX-1085 versi\u00f3n 1.6.0. ha sido declarada como problem\u00e1tica. Esta vulnerabilidad del archivo log.cgi del componente Log Handler. Una petici\u00f3n directa conlleva a una divulgaci\u00f3n de informaci\u00f3n de hardware. El ataque puede iniciarse de forma remota y no requiere ninguna forma de autenticaci\u00f3n"}], "lastModified": "2023-06-27T16:38:28.317", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:tem:flex-1085_firmware:1.6.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9FDC0E78-C749-4700-9B0B-C4B7B7C0AD86"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:tem:flex-1085:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "BB6C6F9C-1115-42A2-8CFF-CE4D091F539F"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:tem:flex-1080_firmware:1.6.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F5549783-C02E-406E-BB4F-D1EAE1EFE47A"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:tem:flex-1080:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "F3FE921B-D44C-4771-A8F6-34824E740936"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "cna@vuldb.com"}