CVE-2022-3090

  1. Yack CVE
  2. Vulnerabilities (CVE)
  3. CVE-2022-3090

7.5 /10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

R

ed Lion Controls Crimson 3.0 versions 707.000 and prior, Crimson 3.1 versions 3126.001 and prior, and Crimson 3.2 versions 3.2.0044.0 and prior are vulnerable to path traversal. When attempting to open a file using a specific path, the user's password hash is sent to an arbitrary host. This could allow an attacker to obtain user credential hashes.

References
Link Resource
https://www.cisa.gov/uscert/ics/advisories/icsa-22-321-01 Third Party Advisory US Government Resource
https://www.cisa.gov/uscert/ics/advisories/icsa-22-321-01 Third Party Advisory US Government Resource
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:redlion:crimson:*:*:*:*:*:*:*:*
cpe:2.3:a:redlion:crimson:3.0:-:*:*:*:*:*:*
cpe:2.3:a:redlion:crimson:3.0:build_477.003:*:*:*:*:*:*
cpe:2.3:a:redlion:crimson:3.0:build_493.003:*:*:*:*:*:*
cpe:2.3:a:redlion:crimson:3.0:build_493.004:*:*:*:*:*:*
cpe:2.3:a:redlion:crimson:3.0:build_493.005:*:*:*:*:*:*
cpe:2.3:a:redlion:crimson:3.0:build_502.000:*:*:*:*:*:*
cpe:2.3:a:redlion:crimson:3.0:build_502.001:*:*:*:*:*:*
cpe:2.3:a:redlion:crimson:3.0:build_502.003:*:*:*:*:*:*
cpe:2.3:a:redlion:crimson:3.0:build_515.002:*:*:*:*:*:*
cpe:2.3:a:redlion:crimson:3.0:build_515.003:*:*:*:*:*:*
cpe:2.3:a:redlion:crimson:3.0:build_523.003:*:*:*:*:*:*
cpe:2.3:a:redlion:crimson:3.0:build_530.000:*:*:*:*:*:*
cpe:2.3:a:redlion:crimson:3.0:build_530.001:*:*:*:*:*:*
cpe:2.3:a:redlion:crimson:3.0:build_530.002:*:*:*:*:*:*
cpe:2.3:a:redlion:crimson:3.0:build_530.003:*:*:*:*:*:*
cpe:2.3:a:redlion:crimson:3.0:build_548.001:*:*:*:*:*:*
cpe:2.3:a:redlion:crimson:3.0:build_548.005:*:*:*:*:*:*
cpe:2.3:a:redlion:crimson:3.0:build_573.001:*:*:*:*:*:*
cpe:2.3:a:redlion:crimson:3.0:build_573.002:*:*:*:*:*:*
cpe:2.3:a:redlion:crimson:3.0:build_579.001:*:*:*:*:*:*
cpe:2.3:a:redlion:crimson:3.0:build_579.003:*:*:*:*:*:*
cpe:2.3:a:redlion:crimson:3.0:build_582.000:*:*:*:*:*:*
cpe:2.3:a:redlion:crimson:3.0:build_582.001:*:*:*:*:*:*
cpe:2.3:a:redlion:crimson:3.0:build_582.003:*:*:*:*:*:*
cpe:2.3:a:redlion:crimson:3.0:build_582.004:*:*:*:*:*:*
cpe:2.3:a:redlion:crimson:3.0:build_599.000:*:*:*:*:*:*
cpe:2.3:a:redlion:crimson:3.0:build_599.001:*:*:*:*:*:*
cpe:2.3:a:redlion:crimson:3.0:build_603.000:*:*:*:*:*:*
cpe:2.3:a:redlion:crimson:3.0:build_605.002:*:*:*:*:*:*
cpe:2.3:a:redlion:crimson:3.0:build_615.004:*:*:*:*:*:*
cpe:2.3:a:redlion:crimson:3.0:build_619.002:*:*:*:*:*:*
cpe:2.3:a:redlion:crimson:3.0:build_619.004:*:*:*:*:*:*
cpe:2.3:a:redlion:crimson:3.0:build_624.000:*:*:*:*:*:*
cpe:2.3:a:redlion:crimson:3.0:build_624.005:*:*:*:*:*:*
cpe:2.3:a:redlion:crimson:3.0:build_635.000:*:*:*:*:*:*
cpe:2.3:a:redlion:crimson:3.0:build_635.001:*:*:*:*:*:*
cpe:2.3:a:redlion:crimson:3.0:build_639.000:*:*:*:*:*:*
cpe:2.3:a:redlion:crimson:3.0:build_640.000:*:*:*:*:*:*
cpe:2.3:a:redlion:crimson:3.0:build_640.001:*:*:*:*:*:*
cpe:2.3:a:redlion:crimson:3.0:build_640.002:*:*:*:*:*:*
cpe:2.3:a:redlion:crimson:3.0:build_647.002:*:*:*:*:*:*
cpe:2.3:a:redlion:crimson:3.0:build_657.001:*:*:*:*:*:*
cpe:2.3:a:redlion:crimson:3.0:build_657.003:*:*:*:*:*:*
cpe:2.3:a:redlion:crimson:3.0:build_662.002:*:*:*:*:*:*
cpe:2.3:a:redlion:crimson:3.0:build_662.006:*:*:*:*:*:*
cpe:2.3:a:redlion:crimson:3.0:build_675.000:*:*:*:*:*:*
cpe:2.3:a:redlion:crimson:3.0:build_678.002:*:*:*:*:*:*
cpe:2.3:a:redlion:crimson:3.0:build_683.000:*:*:*:*:*:*
cpe:2.3:a:redlion:crimson:3.0:build_683.001:*:*:*:*:*:*
cpe:2.3:a:redlion:crimson:3.0:build_683.002:*:*:*:*:*:*
cpe:2.3:a:redlion:crimson:3.0:build_690.001:*:*:*:*:*:*
cpe:2.3:a:redlion:crimson:3.0:build_690.002:*:*:*:*:*:*
cpe:2.3:a:redlion:crimson:3.0:build_693.000:*:*:*:*:*:*
cpe:2.3:a:redlion:crimson:3.0:build_694.000:*:*:*:*:*:*
cpe:2.3:a:redlion:crimson:3.0:build_697.001:*:*:*:*:*:*
cpe:2.3:a:redlion:crimson:3.0:build_697.002:*:*:*:*:*:*
cpe:2.3:a:redlion:crimson:3.0:build_697.003:*:*:*:*:*:*
cpe:2.3:a:redlion:crimson:3.0:build_700.000:*:*:*:*:*:*
cpe:2.3:a:redlion:crimson:3.0:build_702.002:*:*:*:*:*:*
cpe:2.3:a:redlion:crimson:3.0:build_702.004:*:*:*:*:*:*
cpe:2.3:a:redlion:crimson:3.0:build_703.001:*:*:*:*:*:*
cpe:2.3:a:redlion:crimson:3.0:build_705.000:*:*:*:*:*:*
cpe:2.3:a:redlion:crimson:3.0:build_707.000:*:*:*:*:*:*
cpe:2.3:a:redlion:crimson:3.1:-:*:*:*:*:*:*
cpe:2.3:a:redlion:crimson:3.1:build_3100.000:*:*:*:*:*:*
cpe:2.3:a:redlion:crimson:3.1:build_3100.002:*:*:*:*:*:*
cpe:2.3:a:redlion:crimson:3.1:build_3100.003:*:*:*:*:*:*
cpe:2.3:a:redlion:crimson:3.1:build_3100.008:*:*:*:*:*:*
cpe:2.3:a:redlion:crimson:3.1:build_3100.009:*:*:*:*:*:*
cpe:2.3:a:redlion:crimson:3.1:build_3100.010:*:*:*:*:*:*
cpe:2.3:a:redlion:crimson:3.1:build_3101.001:*:*:*:*:*:*
cpe:2.3:a:redlion:crimson:3.1:build_3104.000:*:*:*:*:*:*
cpe:2.3:a:redlion:crimson:3.1:build_3106.000:*:*:*:*:*:*
cpe:2.3:a:redlion:crimson:3.1:build_3106.004:*:*:*:*:*:*
cpe:2.3:a:redlion:crimson:3.1:build_3108.002:*:*:*:*:*:*
cpe:2.3:a:redlion:crimson:3.1:build_3108.004:*:*:*:*:*:*
cpe:2.3:a:redlion:crimson:3.1:build_3109.003:*:*:*:*:*:*
cpe:2.3:a:redlion:crimson:3.1:build_3109.004:*:*:*:*:*:*
cpe:2.3:a:redlion:crimson:3.1:build_3110.000:*:*:*:*:*:*
cpe:2.3:a:redlion:crimson:3.1:build_3110.002:*:*:*:*:*:*
cpe:2.3:a:redlion:crimson:3.1:build_3110.004:*:*:*:*:*:*
cpe:2.3:a:redlion:crimson:3.1:build_3111.000:*:*:*:*:*:*
cpe:2.3:a:redlion:crimson:3.1:build_3112.000:*:*:*:*:*:*
cpe:2.3:a:redlion:crimson:3.1:build_3113.000:*:*:*:*:*:*
cpe:2.3:a:redlion:crimson:3.1:build_3114.002:*:*:*:*:*:*
cpe:2.3:a:redlion:crimson:3.1:build_3115.006:*:*:*:*:*:*
cpe:2.3:a:redlion:crimson:3.1:build_3115.008:*:*:*:*:*:*
cpe:2.3:a:redlion:crimson:3.1:build_3115.009:*:*:*:*:*:*
cpe:2.3:a:redlion:crimson:3.1:build_3116.000:*:*:*:*:*:*
cpe:2.3:a:redlion:crimson:3.1:build_3119.001:*:*:*:*:*:*
cpe:2.3:a:redlion:crimson:3.1:build_3119.002:*:*:*:*:*:*
cpe:2.3:a:redlion:crimson:3.1:build_3120.000:*:*:*:*:*:*
cpe:2.3:a:redlion:crimson:3.1:build_3120.001:*:*:*:*:*:*
cpe:2.3:a:redlion:crimson:3.1:build_3121.000:*:*:*:*:*:*
cpe:2.3:a:redlion:crimson:3.1:build_3122.000:*:*:*:*:*:*
cpe:2.3:a:redlion:crimson:3.1:build_3122.001:*:*:*:*:*:*
cpe:2.3:a:redlion:crimson:3.1:build_3123.000:*:*:*:*:*:*
cpe:2.3:a:redlion:crimson:3.1:build_3123.001:*:*:*:*:*:*
cpe:2.3:a:redlion:crimson:3.1:build_3124.000:*:*:*:*:*:*
cpe:2.3:a:redlion:crimson:3.1:build_3125.003:*:*:*:*:*:*
cpe:2.3:a:redlion:crimson:3.1:build_3125.006:*:*:*:*:*:*
cpe:2.3:a:redlion:crimson:3.1:build_3125.007:*:*:*:*:*:*
cpe:2.3:a:redlion:crimson:3.1:build_3126.000:*:*:*:*:*:*
cpe:2.3:a:redlion:crimson:3.1:build_3126.001:*:*:*:*:*:*
cpe:2.3:a:redlion:crimson:3.2:-:*:*:*:*:*:*
cpe:2.3:a:redlion:crimson:3.2:build_3.2.0008.0:*:*:*:*:*:*
cpe:2.3:a:redlion:crimson:3.2:build_3.2.0014.0:*:*:*:*:*:*
cpe:2.3:a:redlion:crimson:3.2:build_3.2.0015.0:*:*:*:*:*:*
cpe:2.3:a:redlion:crimson:3.2:build_3.2.0016.0:*:*:*:*:*:*
cpe:2.3:a:redlion:crimson:3.2:build_3.2.0020.0:*:*:*:*:*:*
cpe:2.3:a:redlion:crimson:3.2:build_3.2.0021.0:*:*:*:*:*:*
cpe:2.3:a:redlion:crimson:3.2:build_3.2.0025.0:*:*:*:*:*:*
cpe:2.3:a:redlion:crimson:3.2:build_3.2.0026.0:*:*:*:*:*:*
cpe:2.3:a:redlion:crimson:3.2:build_3.2.0030.0:*:*:*:*:*:*
cpe:2.3:a:redlion:crimson:3.2:build_3.2.0031.0:*:*:*:*:*:*
cpe:2.3:a:redlion:crimson:3.2:build_3.2.0035.0:*:*:*:*:*:*
cpe:2.3:a:redlion:crimson:3.2:build_3.2.0036.0:*:*:*:*:*:*
cpe:2.3:a:redlion:crimson:3.2:build_3.2.0040.0:*:*:*:*:*:*
cpe:2.3:a:redlion:crimson:3.2:build_3.2.0041.0:*:*:*:*:*:*
cpe:2.3:a:redlion:crimson:3.2:build_3.2.0044.0:*:*:*:*:*:*
History

21 Nov 2024, 07:18

Type Values Removed Values Added
References () https://www.cisa.gov/uscert/ics/advisories/icsa-22-321-01 - Third Party Advisory, US Government Resource () https://www.cisa.gov/uscert/ics/advisories/icsa-22-321-01 - Third Party Advisory, US Government Resource
CVSS v2 : unknown
v3 : 5.3 		v2 : unknown
v3 : 7.5
Information

Published : 2022-11-17 22:15

Updated : 2024-11-21 07:18

NVD link : CVE-2022-3090

Mitre link : CVE-2022-3090

CVE.ORG link : CVE-2022-3090

JSON object : View

Products Affected

redlion

CWE
CWE-22

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')