CVE-2022-40305

{"id": "CVE-2022-40305", "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 3.9}]}, "published": "2022-09-09T05:15:07.817", "references": [{"url": "https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2022-023.txt", "tags": ["Exploit", "Third Party Advisory"], "source": "cve@mitre.org"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-918"}]}], "descriptions": [{"lang": "en", "value": "A Server-Side Request Forgery issue in Canto Cumulus through 11.1.3 allows attackers to enumerate the internal network, overload network resources, and possibly have unspecified other impact via the server parameter to the /cwc/login login form."}, {"lang": "es", "value": "Un problema de tipo Server-Side Request Forgery en Canto Cumulus versiones hasta 11.1.3, permite a atacantes enumerar la red interna, sobrecargar los recursos de la red y posiblemente tener otro impacto no especificado por medio del par\u00e1metro del servidor al formulario de inicio de sesi\u00f3n /cwc/login"}], "lastModified": "2022-09-10T03:53:43.667", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:canto:canto:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5A92B918-72CF-4E7C-8EA8-93DBD82C40EE", "versionEndIncluding": "11.1.3"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}