CVE-2022-45562

Insecure permissions in Telos Alliance Omnia MPX Node v1.0.0 to v1.4.9 allow attackers to manipulate and access system settings with backdoor account low privilege, this can lead to change hardware settings and execute arbitrary commands in vulnerable system functions that is requires high privilege to access.

CVSS v3 8.8 HIGH

8.8^/10

CVSS v3 : HIGH

Vector :

Exploitability : 2.8 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://cyber-guy.gitbook.io/cyber-guys-blog/pocs/cve-2022-45562	Exploit Third Party Advisory
https://cyber-guy.gitbook.io/cyber-guys-blog/pocs/cve-2022-45562	Exploit Third Party Advisory

Configurations

Configuration 1 (hide)

AND

cpe:2.3:o:telosalliance:omnia_mpx_node_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:telosalliance:omnia_mpx_node:-:*:*:*:*:*:*:*

History

21 Nov 2024, 07:29

Type	Values Removed	Values Added
References	~~() https://cyber-guy.gitbook.io/cyber-guys-blog/pocs/cve-2022-45562 - Exploit, Third Party Advisory~~	() https://cyber-guy.gitbook.io/cyber-guys-blog/pocs/cve-2022-45562 - Exploit, Third Party Advisory

Information

Published : 2022-12-02 03:15

Updated : 2024-11-21 07:29

NVD link : CVE-2022-45562

Mitre link : CVE-2022-45562

CVE.ORG link : CVE-2022-45562

JSON object : View

Products Affected

telosalliance

omnia_mpx_node
omnia_mpx_node_firmware

CWE

CWE-276

Incorrect Default Permissions

{"id": "CVE-2022-45562", "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.8, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 2.8}]}, "published": "2022-12-02T03:15:09.387", "references": [{"url": "https://cyber-guy.gitbook.io/cyber-guys-blog/pocs/cve-2022-45562", "tags": ["Exploit", "Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://cyber-guy.gitbook.io/cyber-guys-blog/pocs/cve-2022-45562", "tags": ["Exploit", "Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-276"}]}], "descriptions": [{"lang": "en", "value": "Insecure permissions in Telos Alliance Omnia MPX Node v1.0.0 to v1.4.9 allow attackers to manipulate and access system settings with backdoor account low privilege, this can lead to change hardware settings and execute arbitrary commands in vulnerable system functions that is requires high privilege to access."}, {"lang": "es", "value": "Los permisos inseguros en Telos Alliance Omnia MPX Node v1.0.0 a v1.4.9 permiten a los atacantes manipular y acceder a la configuraci\u00f3n del sistema con privilegios bajos de la cuenta de backdoor, lo que puede llevar a cambiar la configuraci\u00f3n del hardware y ejecutar comandos arbitrarios en funciones vulnerables del sistema que requieren altos privilegios para acceso."}], "lastModified": "2024-11-21T07:29:27.233", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:telosalliance:omnia_mpx_node_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0A113AF7-AFBC-4349-9092-5211AF313CA9", "versionEndIncluding": "1.4.9", "versionStartIncluding": "1.0.0"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:telosalliance:omnia_mpx_node:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "8ADBE36A-36A9-4F2B-93A5-DBF192B4405A"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "cve@mitre.org"}