CVE-2022-44718

CVSS v3 3.5 LOW

3.5^/10

CVSS v3 : LOW

Vector :

Exploitability : 0.9 / Impact : 2.5

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required HIGH

User Interaction REQUIRED

Confidentiality Impact LOW

Integrity Impact LOW

Availability Impact NONE

Scope UNCHANGED

A

n issue was discovered in NetScout nGeniusONE 6.3.2 build 904. Open Redirection can occur (issue 2 of 2). After successful login, an attacker must visit the vulnerable parameter and inject a crafted payload to successfully redirect to an unknown host. The attack vector is Network, and the Attack Complexity required is High. Privileges required are administrator, User Interaction is required, and Scope is unchanged. The user must visit the vulnerable parameter and inject a crafted payload to successfully redirect to an unknown host.

References

Link	Resource
https://www.netscout.com/securityadvisories	Vendor Advisory
https://www.netscout.com/securityadvisories	Vendor Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:netscout:ngeniusone:6.3.2:build904:*:*:*:*:*:*

History

21 Nov 2024, 07:28

Type	Values Removed	Values Added
References	~~() https://www.netscout.com/securityadvisories - Vendor Advisory~~	() https://www.netscout.com/securityadvisories - Vendor Advisory

Information

Published : 2023-01-27 14:15

Updated : 2025-03-28 16:15

NVD link : CVE-2022-44718

Mitre link : CVE-2022-44718

CVE.ORG link : CVE-2022-44718

JSON object : View

Products Affected

ngeniusone

CWE

CWE-601

URL Redirection to Untrusted Site ('Open Redirect')

{"id": "CVE-2022-44718", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "[email protected]", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 3.5, "attackVector": "NETWORK", "baseSeverity": "LOW", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "HIGH", "confidentialityImpact": "LOW"}, "impactScore": 2.5, "exploitabilityScore": 0.9}, {"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 3.5, "attackVector": "NETWORK", "baseSeverity": "LOW", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "HIGH", "confidentialityImpact": "LOW"}, "impactScore": 2.5, "exploitabilityScore": 0.9}]}, "published": "2023-01-27T14:15:11.347", "references": [{"url": "https://www.netscout.com/securityadvisories", "tags": ["Vendor Advisory"], "source": "[email protected]"}, {"url": "https://www.netscout.com/securityadvisories", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "[email protected]", "description": [{"lang": "en", "value": "CWE-601"}]}, {"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "description": [{"lang": "en", "value": "CWE-601"}]}], "descriptions": [{"lang": "en", "value": "An issue was discovered in NetScout nGeniusONE 6.3.2 build 904. Open Redirection can occur (issue 2 of 2). After successful login, an attacker must visit the vulnerable parameter and inject a crafted payload to successfully redirect to an unknown host. The attack vector is Network, and the Attack Complexity required is High. Privileges required are administrator, User Interaction is required, and Scope is unchanged. The user must visit the vulnerable parameter and inject a crafted payload to successfully redirect to an unknown host."}, {"lang": "es", "value": "Se descubri\u00f3 un problema en NetScout nGeniusONE 6.3.2 build 904. Puede ocurrir una redirecci\u00f3n abierta (problema 2 de 2). Despu\u00e9s de iniciar sesi\u00f3n correctamente, un atacante debe visitar el par\u00e1metro vulnerable e inyectar un payload manipulado para redirigir exitosamente a un host desconocido. El vector de ataque es la red y la complejidad del ataque requerida es alta. Los privilegios requeridos son de administrador, se requiere interacci\u00f3n del usuario y el alcance no cambia. El usuario debe visitar el par\u00e1metro vulnerable e inyectar un payload manipulado para redirigir exitosamente a un host desconocido."}], "lastModified": "2025-03-28T16:15:21.190", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:netscout:ngeniusone:6.3.2:build904:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "47C284CB-BC1D-48C5-BFCA-7702FAB68365"}], "operator": "OR"}]}], "sourceIdentifier": "[email protected]"}