CVE-2022-28944

{"id": "CVE-2022-28944", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 6.8, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.8, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 2.8}]}, "published": "2022-05-23T18:16:11.997", "references": [{"url": "http://emco.com", "tags": ["Not Applicable"], "source": "cve@mitre.org"}, {"url": "http://msi.com", "tags": ["Not Applicable"], "source": "cve@mitre.org"}, {"url": "https://github.com/gerr-re/cve-2022-28944/blob/main/cve-2022-28944_public-advisory.pdf", "tags": ["Exploit", "Third Party Advisory"], "source": "cve@mitre.org"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-494"}]}], "descriptions": [{"lang": "en", "value": "Certain EMCO Software products are affected by: CWE-494: Download of Code Without Integrity Check. This affects MSI Package Builder for Windows 9.1.4 and Remote Installer for Windows 6.0.13 and Ping Monitor for Windows 8.0.18 and Remote Shutdown for Windows 7.2.2 and WakeOnLan 2.0.8 and Network Inventory for Windows 5.8.22 and Network Software Scanner for Windows 2.0.8 and UnLock IT for Windows 6.1.1. The impact is: execute arbitrary code (remote). The component is: Updater. The attack vector is: To exploit this vulnerability, a user must trigger an update of an affected installation of EMCO Software. \u00b6\u00b6 Multiple products from EMCO Software are affected by a remote code execution vulnerability during the update process."}, {"lang": "es", "value": "Algunos productos de software de EMCO est\u00e1n afectados por: CWE-494: Descarga de C\u00f3digo sin Comprobaci\u00f3n de Integridad. Esto afecta a MSI Package Builder para Windows versi\u00f3n 9.1.4 y Remote Installer para Windows versi\u00f3n 6.0.13 y Ping Monitor para Windows versi\u00f3n 8.0.18 y Remote Shutdown para Windows versi\u00f3n 7.2.2 y WakeOnLan versi\u00f3n 2.0.8 y Network Inventory para Windows versi\u00f3n 5.8.22 y Network Software Scanner para Windows versi\u00f3n 2.0.8 y UnLock IT para Windows versi\u00f3n 6.1.1. El impacto es: ejecutar c\u00f3digo arbitrario (remoto). El componente es: Updater. El vector de ataque es: Para explotar esta vulnerabilidad, un usuario debe desencadenar una actualizaci\u00f3n de una instalaci\u00f3n afectada de EMCO Software. \u00b6\u00b6 M\u00faltiples productos de EMCO Software est\u00e1n afectados por una vulnerabilidad de ejecuci\u00f3n de c\u00f3digo remota durante el proceso de actualizaci\u00f3n"}], "lastModified": "2022-06-07T15:08:23.693", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:emcosoftware:msi_package_builder:9.1.4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D69E8299-29C0-4621-8CFE-34EF07346185"}, {"criteria": "cpe:2.3:a:emcosoftware:network_inventory:5.8.22:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "984407E1-B474-43BE-878D-1375D2A6F967"}, {"criteria": "cpe:2.3:a:emcosoftware:network_software_scanner:2.0.8:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "823B76EF-D4D0-406E-9926-69786833C6A1"}, {"criteria": "cpe:2.3:a:emcosoftware:ping_monitor:8.0.18:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "50549A02-466E-4B49-BB24-0C20874C612A"}, {"criteria": "cpe:2.3:a:emcosoftware:remote_installer:6.0.13:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B189D2DE-16E8-4C32-BE9E-C45CB085B3B4"}, {"criteria": "cpe:2.3:a:emcosoftware:remote_shutdown:7.2.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7AC0444D-B02A-4A32-836D-C1169FAB244E"}, {"criteria": "cpe:2.3:a:emcosoftware:unlock_it:6.1.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4D435F75-2887-4E47-9390-BAD507949DDC"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:emcosoftware:wakeonlan:2.0.8:*:*:*:free:*:*:*", "vulnerable": true, "matchCriteriaId": "EE9D5E0A-D00F-4BEA-8D1B-54A252EF0BF6"}, {"criteria": "cpe:2.3:a:emcosoftware:wakeonlan:2.0.8:*:*:*:professional:*:*:*", "vulnerable": true, "matchCriteriaId": "AE4BD0F1-EB96-4129-9159-12DDDC5F7441"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}