CVE-2022-44718

An issue was discovered in NetScout nGeniusONE 6.3.2 build 904. Open Redirection can occur (issue 2 of 2). After successful login, an attacker must visit the vulnerable parameter and inject a crafted payload to successfully redirect to an unknown host. The attack vector is Network, and the Attack Complexity required is High. Privileges required are administrator, User Interaction is required, and Scope is unchanged. The user must visit the vulnerable parameter and inject a crafted payload to successfully redirect to an unknown host.

CVSS v3 3.5 LOW

3.5^/10

CVSS v3 : LOW

Vector :

Exploitability : 0.9 / Impact : 2.5

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required HIGH

User Interaction REQUIRED

Confidentiality Impact LOW

Integrity Impact LOW

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://www.netscout.com/securityadvisories	Vendor Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:netscout:ngeniusone:6.3.2:build904:*:*:*:*:*:*

History

No history.

Information

Published : 2023-01-27 14:15

Updated : 2024-02-28 19:51

NVD link : CVE-2022-44718

Mitre link : CVE-2022-44718

CVE.ORG link : CVE-2022-44718

JSON object : View

Products Affected

netscout

ngeniusone

CWE

CWE-601

URL Redirection to Untrusted Site ('Open Redirect')

{"id": "CVE-2022-44718", "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 3.5, "attackVector": "NETWORK", "baseSeverity": "LOW", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "HIGH", "confidentialityImpact": "LOW"}, "impactScore": 2.5, "exploitabilityScore": 0.9}]}, "published": "2023-01-27T14:15:11.347", "references": [{"url": "https://www.netscout.com/securityadvisories", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-601"}]}], "descriptions": [{"lang": "en", "value": "An issue was discovered in NetScout nGeniusONE 6.3.2 build 904. Open Redirection can occur (issue 2 of 2). After successful login, an attacker must visit the vulnerable parameter and inject a crafted payload to successfully redirect to an unknown host. The attack vector is Network, and the Attack Complexity required is High. Privileges required are administrator, User Interaction is required, and Scope is unchanged. The user must visit the vulnerable parameter and inject a crafted payload to successfully redirect to an unknown host."}, {"lang": "es", "value": "Se descubri\u00f3 un problema en NetScout nGeniusONE 6.3.2 build 904. Puede ocurrir una redirecci\u00f3n abierta (problema 2 de 2). Despu\u00e9s de iniciar sesi\u00f3n correctamente, un atacante debe visitar el par\u00e1metro vulnerable e inyectar un payload manipulado para redirigir exitosamente a un host desconocido. El vector de ataque es la red y la complejidad del ataque requerida es alta. Los privilegios requeridos son de administrador, se requiere interacci\u00f3n del usuario y el alcance no cambia. El usuario debe visitar el par\u00e1metro vulnerable e inyectar un payload manipulado para redirigir exitosamente a un host desconocido."}], "lastModified": "2023-02-07T21:59:26.667", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:netscout:ngeniusone:6.3.2:build904:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "47C284CB-BC1D-48C5-BFCA-7702FAB68365"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}