CVE-2022-47891

CVSS v3 8.1 HIGH

8.1^/10

CVSS v3 : HIGH

Vector :

Exploitability : 2.8 / Impact : 5.2

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

A

ll versions of NetMan 204 allow an attacker that knows the MAC and serial number of the device to reset the administrator password via the legitimate recovery function.

References

Link	Resource
https://www.incibe.es/incibe-cert/alerta-temprana/avisos-sci/multiples-vulnerabilidades-netman-204-riello-ups	Third Party Advisory
https://www.incibe.es/incibe-cert/alerta-temprana/avisos-sci/multiples-vulnerabilidades-netman-204-riello-ups	Third Party Advisory

Configurations

Configuration 1 (hide)

AND

cpe:2.3:o:riello-ups:netman_204_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:riello-ups:netman_204:-:*:*:*:*:*:*:*

History

21 Nov 2024, 07:32

Type	Values Removed	Values Added
CVSS	v2 : ~~unknown~~ v3 : ~~8.8~~	v2 : unknown v3 : 8.1
References	~~() https://www.incibe.es/incibe-cert/alerta-temprana/avisos-sci/multiples-vulnerabilidades-netman-204-riello-ups - Third Party Advisory~~	() https://www.incibe.es/incibe-cert/alerta-temprana/avisos-sci/multiples-vulnerabilidades-netman-204-riello-ups - Third Party Advisory

Information

Published : 2023-10-03 12:15

Updated : 2024-11-21 07:32

NVD link : CVE-2022-47891

Mitre link : CVE-2022-47891

CVE.ORG link : CVE-2022-47891

JSON object : View

Products Affected

CWE

CWE-798

Use of Hard-coded Credentials

{"id": "CVE-2022-47891", "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "[email protected]", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.1, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.2, "exploitabilityScore": 2.8}, {"type": "Primary", "source": "[email protected]", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.8, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 2.8}]}, "published": "2023-10-03T12:15:09.957", "references": [{"url": "https://www.incibe.es/incibe-cert/alerta-temprana/avisos-sci/multiples-vulnerabilidades-netman-204-riello-ups", "tags": ["Third Party Advisory"], "source": "[email protected]"}, {"url": "https://www.incibe.es/incibe-cert/alerta-temprana/avisos-sci/multiples-vulnerabilidades-netman-204-riello-ups", "tags": ["Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Secondary", "source": "[email protected]", "description": [{"lang": "en", "value": "CWE-798"}]}, {"type": "Primary", "source": "[email protected]", "description": [{"lang": "en", "value": "CWE-798"}]}], "descriptions": [{"lang": "en", "value": "All versions of NetMan 204 allow an attacker that knows the MAC and serial number of the device to reset the administrator password via the legitimate recovery function."}, {"lang": "es", "value": "Todas las versiones de NetMan 204 permiten que un atacante que conozca la MAC y el n\u00famero de serie del dispositivo restablezca la contrase\u00f1a del administrador a trav\u00e9s de la funci\u00f3n de recuperaci\u00f3n leg\u00edtima."}], "lastModified": "2024-11-21T07:32:28.007", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:riello-ups:netman_204_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2421B6CC-83B0-43FF-87AB-91747100461D"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:riello-ups:netman_204:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "06001306-7B00-453C-9C45-17E5A64DF4C2"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "[email protected]"}