CVE-2022-32985

{"id": "CVE-2022-32985", "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 3.9}]}, "published": "2022-07-17T23:15:09.060", "references": [{"url": "https://sec-consult.com/vulnerability-lab/advisory/hardcoded-backdoor-user-outdated-software-components-nexans-ftto-gigaswitch/", "tags": ["Exploit", "Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://www.nexans.de/de/products/Data-Network-Solutions/Industrial-and-office-switches.html", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-798"}]}], "descriptions": [{"lang": "en", "value": "libnx_apl.so on Nexans FTTO GigaSwitch before 6.02N and 7.x before 7.02 implements a Backdoor Account for SSH logins on port 50200 or 50201."}, {"lang": "es", "value": "El archivo libnx_apl.so en Nexans FTTO GigaSwitch versiones anteriores a 6.02N y versiones 7.x anteriores a 7.02, implementa una cuenta de puerta trasera para los inicios de sesi\u00f3n SSH en el puerto 50200 o 50201"}], "lastModified": "2022-07-25T21:16:57.843", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:nexans:gigaswitch_641_desk_v5_sfp-vi_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F130901E-4D8F-4036-BB59-78A5A09A4B38", "versionEndExcluding": "6.02n"}, {"criteria": "cpe:2.3:o:nexans:gigaswitch_641_desk_v5_sfp-vi_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5FBE97B6-6B70-4F20-B4E2-984872B9851F", "versionEndExcluding": "7.02", "versionStartIncluding": "7.0"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:nexans:gigaswitch_641_desk_v5_sfp-vi:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "01E53A0B-FDEF-4AB5-AFC8-E32F5FDF7E1A"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:nexans:gigaswitch_642_desk_v5_sfp-2vi_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "DCAB8644-7C58-4447-B9CF-F89114CF09FF", "versionEndExcluding": "6.02n"}, {"criteria": "cpe:2.3:o:nexans:gigaswitch_642_desk_v5_sfp-2vi_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E6D07D42-0290-437F-AC78-B601B793DE42", "versionEndExcluding": "7.02", "versionStartIncluding": "7.0"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:nexans:gigaswitch_642_desk_v5_sfp-2vi:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "6AE029D9-A834-4F8E-9D31-2995CD662A30"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:nexans:gigaswitch_v5_2tp\\(pd-f\\+\\)_sfp-vi_54vdc_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "FD36F20F-657B-40B9-A0BE-BC618925DD03", "versionEndExcluding": "6.02n"}, {"criteria": "cpe:2.3:o:nexans:gigaswitch_v5_2tp\\(pd-f\\+\\)_sfp-vi_54vdc_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1B4FEBD1-5DF2-4A41-97DB-6D1BDF7F6C7B", "versionEndExcluding": "7.02", "versionStartIncluding": "7.0"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:nexans:gigaswitch_v5_2tp\\(pd-f\\+\\)_sfp-vi_54vdc:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "26DC7E05-780F-4619-B9CA-791F8A800CB5"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:nexans:gigaswitch_v5_2tp\\(pse\\+\\)_sfp-vi_54vdc_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3A06836D-0277-42FB-89A7-F447A8965949", "versionEndExcluding": "6.02n"}, {"criteria": "cpe:2.3:o:nexans:gigaswitch_v5_2tp\\(pse\\+\\)_sfp-vi_54vdc_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3E9D8E02-2F9B-4162-AA10-5DDF737E2917", "versionEndExcluding": "7.02", "versionStartIncluding": "7.0"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:nexans:gigaswitch_v5_2tp\\(pse\\+\\)_sfp-vi_54vdc:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "2EC7A7E6-8372-4524-A670-D25F72DC2136"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:nexans:gigaswitch_v5_2tp_sfp-vi_54vdc_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "FA8E1089-06DF-4037-A64A-62605B85BAAB", "versionEndExcluding": "6.02n"}, {"criteria": "cpe:2.3:o:nexans:gigaswitch_v5_2tp_sfp-vi_54vdc_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8307E535-1C06-4F95-B5C0-E05607EC40CB", "versionEndExcluding": "7.02", "versionStartIncluding": "7.0"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:nexans:gigaswitch_v5_2tp_sfp-vi_54vdc:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "D2505199-CA23-4240-AB85-61A871D61A57"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:nexans:gigaswitch_v5_sfp-2vi_230vac_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "254E133B-73D6-44F5-80FF-42292F0DC2E2", "versionEndExcluding": "6.02n"}, {"criteria": "cpe:2.3:o:nexans:gigaswitch_v5_sfp-2vi_230vac_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "07DC03AC-D4AC-472D-9AFB-6EB88762FC5A", "versionEndExcluding": "7.02", "versionStartIncluding": "7.0"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:nexans:gigaswitch_v5_sfp-2vi_230vac:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "1597D8F8-7997-4CFE-AA01-F973894745C6"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:nexans:gigaswitch_v5_tp\\(pse\\+\\)_sfp-2vi_54vdc_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "378B152F-C30A-4CE2-927E-B6568BB319C7", "versionEndExcluding": "6.02n"}, {"criteria": "cpe:2.3:o:nexans:gigaswitch_v5_tp\\(pse\\+\\)_sfp-2vi_54vdc_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A7ED3A23-42FF-46E7-86A5-449E86126F2D", "versionEndExcluding": "7.02", "versionStartIncluding": "7.0"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:nexans:gigaswitch_v5_tp\\(pse\\+\\)_sfp-2vi_54vdc:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "DBDD9F34-59FB-48B1-A7AB-CA4149BFF294"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:nexans:gigaswitch_v5_tp\\(pse\\+\\)_sfp-2vi_54vdc_ind_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "399951C7-0507-4A6A-93BB-E395B30C20F9", "versionEndExcluding": "6.02n"}, {"criteria": "cpe:2.3:o:nexans:gigaswitch_v5_tp\\(pse\\+\\)_sfp-2vi_54vdc_ind_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "AC63EDA8-7F04-4BB1-B697-7393F7A95BCC", "versionEndExcluding": "7.02", "versionStartIncluding": "7.0"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:nexans:gigaswitch_v5_tp\\(pse\\+\\)_sfp-2vi_54vdc_ind:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "A366AC40-7F7C-473D-9CC2-CED9768BDA3D"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:nexans:gigaswitch_v5_tp\\(pse\\+\\)_sfp-2vi_54vdc_med_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2EA2A765-1CE5-4C18-A32F-B02FDCBAF93B", "versionEndExcluding": "6.02n"}, {"criteria": "cpe:2.3:o:nexans:gigaswitch_v5_tp\\(pse\\+\\)_sfp-2vi_54vdc_med_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3E813952-F099-46D3-B042-5C3099745EF4", "versionEndExcluding": "7.02", "versionStartIncluding": "7.0"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:nexans:gigaswitch_v5_tp\\(pse\\+\\)_sfp-2vi_54vdc_med:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "23ED5429-62BF-442D-A99A-B98EA8AFF063"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:nexans:gigaswitch_v5_tp_sfp-2vi_54vdc_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B490CF52-7C24-4D21-9451-AB85C3BEC82B", "versionEndExcluding": "6.02n"}, {"criteria": "cpe:2.3:o:nexans:gigaswitch_v5_tp_sfp-2vi_54vdc_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "03163410-20A5-45CB-BBF4-D7ED19AB452F", "versionEndExcluding": "7.02", "versionStartIncluding": "7.0"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:nexans:gigaswitch_v5_tp_sfp-2vi_54vdc:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "33EB6A88-9015-4F2D-A820-E982016B3F9F"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:nexans:gigaswitch_v5_tp_sfp-2vi_54vdc_ind_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4CD0607F-8124-4478-A550-6E19C8CA2948", "versionEndExcluding": "6.02n"}, {"criteria": "cpe:2.3:o:nexans:gigaswitch_v5_tp_sfp-2vi_54vdc_ind_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4B00F440-6229-4C48-89FA-F32CCEB16877", "versionEndExcluding": "7.02", "versionStartIncluding": "7.0"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:nexans:gigaswitch_v5_tp_sfp-2vi_54vdc_ind:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "59BFE60D-A94C-4C86-9D60-FED3694CCE1B"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:nexans:gigaswitch_v5_tp_sfp-2vi_54vdc_med_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3B6720C6-3BFA-4990-B285-F3B56C452274", "versionEndExcluding": "6.02n"}, {"criteria": "cpe:2.3:o:nexans:gigaswitch_v5_tp_sfp-2vi_54vdc_med_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1795910D-46E2-44E9-AA4A-4C5F8B85079A", "versionEndExcluding": "7.02", "versionStartIncluding": "7.0"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:nexans:gigaswitch_v5_tp_sfp-2vi_54vdc_med:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "1A723AEC-BD82-437D-B35E-E15F440A56E6"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:nexans:gigaswitch_v5_tp_sfp-vi_230vac_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "EBE47298-6058-4086-BD59-B5AC3115029D", "versionEndExcluding": "6.02n"}, {"criteria": "cpe:2.3:o:nexans:gigaswitch_v5_tp_sfp-vi_230vac_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F7B4CA67-58AB-4B69-A80C-4C828D0D8D4D", "versionEndExcluding": "7.02", "versionStartIncluding": "7.0"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:nexans:gigaswitch_v5_tp_sfp-vi_230vac:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "98ACC6A5-5030-40DA-8D0E-C0AFF94D3748"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "cve@mitre.org"}