CVE-2022-1077

A vulnerability was found in TEM FLEX-1080 and FLEX-1085 1.6.0. It has been declared as problematic. This vulnerability log.cgi of the component Log Handler. A direct request leads to information disclosure of hardware information. The attack can be initiated remotely and does not require any form of authentication.

CVSS v3 5.3 MEDIUM
CVSS v2.0 5.0 MEDIUM

5.3^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 3.9 / Impact : 1.4

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact LOW

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

5.0^/10

CVSS v2.0 : MEDIUM

Vector : AV:N/AC:L/Au:N/C:P/I:N/A:N

Exploitability : 10.0 / Impact : 2.9

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact NONE

References

Link	Resource
https://vuldb.com/?id.194848	Third Party Advisory
https://vuldb.com/?id.194848	Third Party Advisory

Configurations

Configuration 1 (hide)

AND

cpe:2.3:o:tem:flex-1085_firmware:1.6.0:*:*:*:*:*:*:*

cpe:2.3:h:tem:flex-1085:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND

cpe:2.3:o:tem:flex-1080_firmware:1.6.0:*:*:*:*:*:*:*

cpe:2.3:h:tem:flex-1080:-:*:*:*:*:*:*:*

History

21 Nov 2024, 06:39

Type	Values Removed	Values Added
References	~~() https://vuldb.com/?id.194848 - Third Party Advisory~~	() https://vuldb.com/?id.194848 - Third Party Advisory
CVSS	v2 : ~~5.0~~ v3 : ~~7.5~~	v2 : 5.0 v3 : 5.3

27 Jun 2023, 16:38

Type	Values Removed	Values Added
CWE	~~CWE-200~~	CWE-425

Information

Published : 2022-03-29 06:15

Updated : 2024-11-21 06:39

NVD link : CVE-2022-1077

Mitre link : CVE-2022-1077

CVE.ORG link : CVE-2022-1077

JSON object : View

Products Affected

tem

flex-1080
flex-1080_firmware
flex-1085
flex-1085_firmware

CWE

CWE-200

Exposure of Sensitive Information to an Unauthorized Actor

CWE-425

Direct Request ('Forced Browsing')

{"id": "CVE-2022-1077", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 5.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Secondary", "source": "cna@vuldb.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "impactScore": 1.4, "exploitabilityScore": 3.9}, {"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 3.9}]}, "published": "2022-03-29T06:15:07.507", "references": [{"url": "https://vuldb.com/?id.194848", "tags": ["Third Party Advisory"], "source": "cna@vuldb.com"}, {"url": "https://vuldb.com/?id.194848", "tags": ["Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Secondary", "source": "cna@vuldb.com", "description": [{"lang": "en", "value": "CWE-200"}]}, {"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-425"}]}], "descriptions": [{"lang": "en", "value": "A vulnerability was found in TEM FLEX-1080 and FLEX-1085 1.6.0. It has been declared as problematic. This vulnerability log.cgi of the component Log Handler. A direct request leads to information disclosure of hardware information. The attack can be initiated remotely and does not require any form of authentication."}, {"lang": "es", "value": "Se ha encontrado una vulnerabilidad en TEM FLEX-1080 y FLEX-1085 versi\u00f3n 1.6.0. ha sido declarada como problem\u00e1tica. Esta vulnerabilidad del archivo log.cgi del componente Log Handler. Una petici\u00f3n directa conlleva a una divulgaci\u00f3n de informaci\u00f3n de hardware. El ataque puede iniciarse de forma remota y no requiere ninguna forma de autenticaci\u00f3n"}], "lastModified": "2024-11-21T06:39:59.133", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:tem:flex-1085_firmware:1.6.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9FDC0E78-C749-4700-9B0B-C4B7B7C0AD86"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:tem:flex-1085:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "BB6C6F9C-1115-42A2-8CFF-CE4D091F539F"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:tem:flex-1080_firmware:1.6.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F5549783-C02E-406E-BB4F-D1EAE1EFE47A"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:tem:flex-1080:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "F3FE921B-D44C-4771-A8F6-34824E740936"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "cna@vuldb.com"}