CVE-2022-45778

{"id": "CVE-2022-45778", "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 3.9}]}, "published": "2022-12-27T22:15:14.880", "references": [{"url": "https://gist.github.com/yinfei6/6ffff06db3f7d4c24de2f784c0db10df", "tags": ["Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://gist.github.com/yinfei6/6ffff06db3f7d4c24de2f784c0db10df", "tags": ["Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-Other"}]}], "descriptions": [{"lang": "en", "value": "https://www.hillstonenet.com.cn/ Hillstone Firewall SG-6000 <= 5.0.4.0 is vulnerable to Incorrect Access Control. There is a permission bypass vulnerability in the Hillstone WEB application firewall. An attacker can enter the background of the firewall with super administrator privileges through a configuration error in report.m."}, {"lang": "es", "value": "https://www.hillstonenet.com.cn/ Hillstone Firewall SG-6000 &lt;= 5.0.4.0 es vulnerable a un control de acceso incorrecto. Existe una vulnerabilidad de omisi\u00f3n de permisos en el firewall de la aplicaci\u00f3n WEB de Hillstone. Un atacante puede ingresar al fondo del firewall con privilegios de superadministrador a trav\u00e9s de un error de configuraci\u00f3n en report.m."}], "lastModified": "2024-11-21T07:29:41.500", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:hillstonenet:sc-6000-wv02_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C8AFFD44-DC56-4807-809F-1C87986DB9B3", "versionEndIncluding": "5.0.4.0"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:hillstonenet:sc-6000-wv02:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "3D17353A-7A6C-4AA2-8B72-63DA5A8F3DFD"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:hillstonenet:sc-6000-wv04_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "CE5501A2-FC15-4B25-8D7C-750D935410B2", "versionEndIncluding": "5.0.4.0"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:hillstonenet:sc-6000-wv04:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "08DE2243-8111-4E8B-8A7A-F6D74C41C99A"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:hillstonenet:sc-6000-wv08_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "AFEDD085-0FBD-4947-99F6-3CD5448AEC06", "versionEndIncluding": "5.0.4.0"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:hillstonenet:sc-6000-wv08:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "6F275043-11DA-4065-B1D6-A91526F38748"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:hillstonenet:sc-6000-wv12_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4F1A59B9-8C07-4D7A-AB11-A72A2E173C22", "versionEndIncluding": "5.0.4.0"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:hillstonenet:sc-6000-wv12:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "06E3EC96-B253-4310-9E75-93AC09BCCE48"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "cve@mitre.org"}