CVE-2022-33175

{"id": "CVE-2022-33175", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 7.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Secondary", "source": "cve@mitre.org", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 3.9}, {"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 3.9}]}, "published": "2022-06-13T18:15:10.283", "references": [{"url": "https://gynvael.coldwind.pl/?lang=en&id=748", "tags": ["Exploit", "Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://gynvael.coldwind.pl/?lang=en&id=748", "tags": ["Exploit", "Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-732"}]}], "descriptions": [{"lang": "en", "value": "Power Distribution Units running on Powertek firmware (multiple brands) before 3.30.30 have an insecure permissions setting on the user.token field that is accessible to everyone through the /cgi/get_param.cgi HTTP API. This leads to disclosing active session ids of currently logged-in administrators. The session id can then be reused to act as the administrator, allowing reading of the cleartext password, or reconfiguring the device."}, {"lang": "es", "value": "Las unidades de distribuci\u00f3n de energ\u00eda que son ejecutadas con el firmware de Powertek (varias marcas) versiones anteriores a 3.30.30, presentan una configuraci\u00f3n de permisos no segura en el campo user.token que es accesible para todos mediante la API HTTP /cgi/get_param.cgi. Esto conlleva a una revelaci\u00f3n de los identificadores de sesi\u00f3n activos de los administradores actualmente conectados. El identificador de sesi\u00f3n puede entonces ser reusado para actuar como administrador, permitiendo una lectura de la contrase\u00f1a en texto sin cifrar, o la reconfiguraci\u00f3n del dispositivo"}], "lastModified": "2024-11-21T07:07:39.347", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:powertekpdus:basic_pdu_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "24FD9B82-5D75-491E-9D64-19B673378568", "versionEndExcluding": "3.30.30"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:powertekpdus:basic_pdu:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "960D65C6-F07C-4B85-8381-E90AE84F1A3B"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:powertekpdus:pm_pdu_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F8331ED3-08F5-4262-8F10-6ABE8394764D", "versionEndExcluding": "3.30.30"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:powertekpdus:pm_pdu:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "BA48F31E-2ACD-4E3C-870E-726A38C04EB1"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:powertekpdus:piml_pdu_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E5AABA79-C8D8-4C7F-8140-8B95E176CE3D", "versionEndExcluding": "3.30.30"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:powertekpdus:piml_pdu:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "5BBF300E-47B2-47FF-91C9-B0EA4473C476"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:powertekpdus:smart_pim_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "72E649EC-CCAC-4D52-9917-AF5F98D9A385", "versionEndExcluding": "3.30.30"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:powertekpdus:smart_pim:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "EF6DEFFC-E208-42AA-9A86-9BEC62A95362"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:powertekpdus:smart_pos_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "89A6F4C3-CA16-4CE4-BBBC-B477A8CF58AC", "versionEndExcluding": "3.30.30"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:powertekpdus:smart_pos:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "733D34C9-2249-4D5B-8CBC-C905B8FD0CF5"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:powertekpdus:smart_pom_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7B2899F7-848E-4115-A5CA-E8372538999D", "versionEndExcluding": "3.30.30"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:powertekpdus:smart_pom:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "BFEFC68A-5C05-4D12-9A53-AAC7E74C164B"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:powertekpdus:smart_poms_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5A783F76-C41A-4295-B2F6-E9BD9D5AC6B5", "versionEndExcluding": "3.30.30"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:powertekpdus:smart_poms:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "5C57A1A7-ED1B-46E5-A708-435FF8105DA7"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "cve@mitre.org"}