CVE-2022-3010

{"id": "CVE-2022-3010", "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "csirt@divd.nl", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 3.9}, {"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 3.9}]}, "published": "2024-01-02T19:15:09.783", "references": [{"url": "https://csirt.divd.nl/CVE-2022-3010", "tags": ["Broken Link"], "source": "csirt@divd.nl"}, {"url": "https://csirt.divd.nl/DIVD-2022-00035", "tags": ["Broken Link"], "source": "csirt@divd.nl"}, {"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-22-356-01", "tags": ["Third Party Advisory", "US Government Resource"], "source": "csirt@divd.nl"}, {"url": "https://csirt.divd.nl/CVE-2022-3010", "tags": ["Broken Link"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://csirt.divd.nl/DIVD-2022-00035", "tags": ["Broken Link"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-22-356-01", "tags": ["Third Party Advisory", "US Government Resource"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Secondary", "source": "csirt@divd.nl", "description": [{"lang": "en", "value": "CWE-1391"}]}, {"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-916"}]}], "descriptions": [{"lang": "en", "value": "The Priva TopControl Suite contains\u00a0predictable credentials for the SSH service, based on the Serial number. Which makes it possible for an attacker to calculate the login credentials for the Priva TopControll suite."}, {"lang": "es", "value": "Priva TopControl Suite contiene credenciales predecibles para el servicio SSH, basadas en el n\u00famero de serie. Lo que hace posible que un atacante calcule las credenciales de inicio de sesi\u00f3n para la suite Priva TopControll."}], "lastModified": "2024-11-21T07:18:37.887", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:priva:top_control_suite:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "32C20BD5-643F-436B-AE1A-0FBDC39910B2", "versionEndIncluding": "8.7.8.0"}], "operator": "OR"}]}], "sourceIdentifier": "csirt@divd.nl"}