CWE-287
Improper Authentication
When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.
CVE-2021-44057 (GCVE-0-2021-44057)
Vulnerability from cvelistv5 – Published: 2022-05-05 16:50 – Updated: 2024-09-16 22:56
VLAI
Title
Improper authentication in Photo Station
Summary
An improper authentication vulnerability has been reported to affect QNAP device running Photo Station. If exploited, this vulnerability allows attackers to compromise the security of the system. We have already fixed this vulnerability in the following versions of Photo Station: Photo Station 6.0.20 ( 2022/02/15 ) and later Photo Station 5.7.16 ( 2022/02/11 ) and later Photo Station 5.4.13 ( 2022/02/11 ) and later
Severity
7.1 (High)
CWE
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://www.qnap.com/en/security-advisory/qsa-22-15 | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| QNAP Systems Inc. | Photo Station |
Affected:
unspecified , < 6.0.20 ( 2022/02/15 )
(custom)
Affected: unspecified , < 5.7.16 ( 2022/02/11 ) (custom) Affected: unspecified , < 5.4.13 ( 2022/02/11 ) (custom) |
Date Public
2022-05-06 00:00
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T04:10:17.351Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.qnap.com/en/security-advisory/qsa-22-15"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Photo Station",
"vendor": "QNAP Systems Inc.",
"versions": [
{
"lessThan": "6.0.20 ( 2022/02/15 )",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
},
{
"lessThan": "5.7.16 ( 2022/02/11 )",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
},
{
"lessThan": "5.4.13 ( 2022/02/11 )",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Thomas Fady"
}
],
"datePublic": "2022-05-06T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "An improper authentication vulnerability has been reported to affect QNAP device running Photo Station. If exploited, this vulnerability allows attackers to compromise the security of the system. We have already fixed this vulnerability in the following versions of Photo Station: Photo Station 6.0.20 ( 2022/02/15 ) and later Photo Station 5.7.16 ( 2022/02/11 ) and later Photo Station 5.4.13 ( 2022/02/11 ) and later"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-287",
"description": "CWE-287",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-05-05T16:50:29.000Z",
"orgId": "2fd009eb-170a-4625-932b-17a53af1051f",
"shortName": "qnap"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.qnap.com/en/security-advisory/qsa-22-15"
}
],
"solutions": [
{
"lang": "en",
"value": "We have already fixed this vulnerability in the following versions of Photo Station:\nPhoto Station 6.0.20 ( 2022/02/15 ) and later\nPhoto Station 5.7.16 ( 2022/02/11 ) and later\nPhoto Station 5.4.13 ( 2022/02/11 ) and later"
}
],
"source": {
"advisory": "QSA-22-15",
"discovery": "EXTERNAL"
},
"title": "Improper authentication in Photo Station",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@qnap.com",
"DATE_PUBLIC": "2022-05-06T00:00:00.000Z",
"ID": "CVE-2021-44057",
"STATE": "PUBLIC",
"TITLE": "Improper authentication in Photo Station"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Photo Station",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "6.0.20 ( 2022/02/15 )"
},
{
"version_affected": "\u003c",
"version_value": "5.7.16 ( 2022/02/11 )"
},
{
"version_affected": "\u003c",
"version_value": "5.4.13 ( 2022/02/11 )"
}
]
}
}
]
},
"vendor_name": "QNAP Systems Inc."
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Thomas Fady"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An improper authentication vulnerability has been reported to affect QNAP device running Photo Station. If exploited, this vulnerability allows attackers to compromise the security of the system. We have already fixed this vulnerability in the following versions of Photo Station: Photo Station 6.0.20 ( 2022/02/15 ) and later Photo Station 5.7.16 ( 2022/02/11 ) and later Photo Station 5.4.13 ( 2022/02/11 ) and later"
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-287"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.qnap.com/en/security-advisory/qsa-22-15",
"refsource": "MISC",
"url": "https://www.qnap.com/en/security-advisory/qsa-22-15"
}
]
},
"solution": [
{
"lang": "en",
"value": "We have already fixed this vulnerability in the following versions of Photo Station:\nPhoto Station 6.0.20 ( 2022/02/15 ) and later\nPhoto Station 5.7.16 ( 2022/02/11 ) and later\nPhoto Station 5.4.13 ( 2022/02/11 ) and later"
}
],
"source": {
"advisory": "QSA-22-15",
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "2fd009eb-170a-4625-932b-17a53af1051f",
"assignerShortName": "qnap",
"cveId": "CVE-2021-44057",
"datePublished": "2022-05-05T16:50:29.108Z",
"dateReserved": "2021-11-19T00:00:00.000Z",
"dateUpdated": "2024-09-16T22:56:14.146Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-44458 (GCVE-0-2021-44458)
Vulnerability from cvelistv5 – Published: 2022-01-10 15:05 – Updated: 2024-08-04 04:25
VLAI
Title
Lack of websocket authentication in Lens causes remote code execution when visiting a malicious website
Summary
Linux users running Lens 5.2.6 and earlier could be compromised by visiting a malicious website. The malicious website could make websocket connections from the victim's browser to Lens and so operate the local terminal feature. This would allow the attacker to execute arbitrary commands as the Lens user.
Severity
8.3 (High)
CWE
- CWE-287 - Improper Authentication
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://github.com/Mirantis/security/blob/main/ad… | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T04:25:16.457Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/Mirantis/security/blob/main/advisories/0001.md"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"platforms": [
"Linux"
],
"product": "Lens",
"vendor": "Mirantis",
"versions": [
{
"lessThanOrEqual": "5.2.6",
"status": "affected",
"version": "5.2",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Linux users running Lens 5.2.6 and earlier could be compromised by visiting a malicious website. The malicious website could make websocket connections from the victim\u0027s browser to Lens and so operate the local terminal feature. This would allow the attacker to execute arbitrary commands as the Lens user."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-287",
"description": "CWE-287 Improper Authentication",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-01-10T15:05:44.000Z",
"orgId": "ac17a704-eccd-4263-a802-5cee95c1d547",
"shortName": "Mirantis"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/Mirantis/security/blob/main/advisories/0001.md"
}
],
"source": {
"advisory": "0001",
"discovery": "INTERNAL"
},
"title": "Lack of websocket authentication in Lens causes remote code execution when visiting a malicious website",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@mirantis.com",
"ID": "CVE-2021-44458",
"STATE": "PUBLIC",
"TITLE": "Lack of websocket authentication in Lens causes remote code execution when visiting a malicious website"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Lens",
"version": {
"version_data": [
{
"platform": "Linux",
"version_affected": "\u003c=",
"version_name": "5.2",
"version_value": "5.2.6"
}
]
}
}
]
},
"vendor_name": "Mirantis"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Linux users running Lens 5.2.6 and earlier could be compromised by visiting a malicious website. The malicious website could make websocket connections from the victim\u0027s browser to Lens and so operate the local terminal feature. This would allow the attacker to execute arbitrary commands as the Lens user."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-287 Improper Authentication"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/Mirantis/security/blob/main/advisories/0001.md",
"refsource": "MISC",
"url": "https://github.com/Mirantis/security/blob/main/advisories/0001.md"
}
]
},
"source": {
"advisory": "0001",
"discovery": "INTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ac17a704-eccd-4263-a802-5cee95c1d547",
"assignerShortName": "Mirantis",
"cveId": "CVE-2021-44458",
"datePublished": "2022-01-10T15:05:44.000Z",
"dateReserved": "2022-01-10T00:00:00.000Z",
"dateUpdated": "2024-08-04T04:25:16.457Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-44759 (GCVE-0-2021-44759)
Vulnerability from cvelistv5 – Published: 2022-03-23 14:05 – Updated: 2024-08-04 04:32
VLAI
Title
Improper authentication vulnerability in TLS origin verification
Summary
Improper Authentication vulnerability in TLS origin validation of Apache Traffic Server allows an attacker to create a man in the middle attack. This issue affects Apache Traffic Server 8.0.0 to 8.1.0.
Severity
No CVSS data available.
CWE
- CWE-287 - Improper Authentication
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://lists.apache.org/thread/zblwzcfs9ryhwjr89… | x_refsource_MISC |
| https://www.debian.org/security/2022/dsa-5153 | vendor-advisoryx_refsource_DEBIAN |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Apache Software Foundation | Apache Traffic Server |
Affected:
8.0.0 to 8.1.0
|
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T04:32:12.307Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://lists.apache.org/thread/zblwzcfs9ryhwjr89wz4osw55pxm6dx6"
},
{
"name": "DSA-5153",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2022/dsa-5153"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Apache Traffic Server",
"vendor": "Apache Software Foundation",
"versions": [
{
"status": "affected",
"version": "8.0.0 to 8.1.0"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Apache Traffic Server would like to thank Takuya Kitano for reporting this issue."
}
],
"descriptions": [
{
"lang": "en",
"value": "Improper Authentication vulnerability in TLS origin validation of Apache Traffic Server allows an attacker to create a man in the middle attack. This issue affects Apache Traffic Server 8.0.0 to 8.1.0."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-287",
"description": "CWE-287 Improper Authentication",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-05-31T10:06:38.000Z",
"orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"shortName": "apache"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://lists.apache.org/thread/zblwzcfs9ryhwjr89wz4osw55pxm6dx6"
},
{
"name": "DSA-5153",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2022/dsa-5153"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Improper authentication vulnerability in TLS origin verification",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@apache.org",
"ID": "CVE-2021-44759",
"STATE": "PUBLIC",
"TITLE": "Improper authentication vulnerability in TLS origin verification"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Apache Traffic Server",
"version": {
"version_data": [
{
"version_value": "8.0.0 to 8.1.0"
}
]
}
}
]
},
"vendor_name": "Apache Software Foundation"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Apache Traffic Server would like to thank Takuya Kitano for reporting this issue."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Improper Authentication vulnerability in TLS origin validation of Apache Traffic Server allows an attacker to create a man in the middle attack. This issue affects Apache Traffic Server 8.0.0 to 8.1.0."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": [
{}
],
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-287 Improper Authentication"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://lists.apache.org/thread/zblwzcfs9ryhwjr89wz4osw55pxm6dx6",
"refsource": "MISC",
"url": "https://lists.apache.org/thread/zblwzcfs9ryhwjr89wz4osw55pxm6dx6"
},
{
"name": "DSA-5153",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2022/dsa-5153"
}
]
},
"source": {
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"assignerShortName": "apache",
"cveId": "CVE-2021-44759",
"datePublished": "2022-03-23T14:05:20.000Z",
"dateReserved": "2021-12-09T00:00:00.000Z",
"dateUpdated": "2024-08-04T04:32:12.307Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-45035 (GCVE-0-2021-45035)
Vulnerability from cvelistv5 – Published: 2022-09-23 15:02 – Updated: 2025-05-22 18:24
VLAI
Title
Velneo vClient Improper authentication
Summary
Velneo vClient on its 28.1.3 version, does not correctly check the certificate of authenticity by default. This could allow an attacker that has access to the network to perform a MITM attack in order to obtain the user´s credentials.
Severity
6.3 (Medium)
CWE
- CWE-287 - Improper Authentication
Assigner
References
4 references
| URL | Tags |
|---|---|
| https://www.incibe-cert.es/en/early-warning/secur… | x_refsource_CONFIRM |
| https://velneo.es/publicacion-de-incidencia-de-se… | x_refsource_CONFIRM |
| https://www.velneo.com/blog/nueva-revision-velneo-29-2 | x_refsource_MISC |
| https://doc.velneo.com/v/29/velneo/notas-de-la-ve… | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Velneo | Velneo vClient |
Affected:
28.1.3
|
Date Public
2022-09-16 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T04:32:13.611Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.incibe-cert.es/en/early-warning/security-advisories/velneo-vclient-improper-authentication"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://velneo.es/publicacion-de-incidencia-de-seguridad-en-cve-cve-2021-45035/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.velneo.com/blog/nueva-revision-velneo-29-2"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://doc.velneo.com/v/29/velneo/notas-de-la-version#verificacion-de-certificados"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2021-45035",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-22T15:44:57.452184Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-05-22T18:24:43.357Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Velneo vClient",
"vendor": "Velneo",
"versions": [
{
"status": "affected",
"version": "28.1.3"
}
]
}
],
"datePublic": "2022-09-16T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Velneo vClient on its 28.1.3 version, does not correctly check the certificate of authenticity by default. This could allow an attacker that has access to the network to perform a MITM attack in order to obtain the user\u00b4s credentials."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-287",
"description": "CWE-287 Improper Authentication",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-09-28T19:36:39.000Z",
"orgId": "0cbda920-cd7f-484a-8e76-bf7f4b7f4516",
"shortName": "INCIBE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.incibe-cert.es/en/early-warning/security-advisories/velneo-vclient-improper-authentication"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://velneo.es/publicacion-de-incidencia-de-seguridad-en-cve-cve-2021-45035/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.velneo.com/blog/nueva-revision-velneo-29-2"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://doc.velneo.com/v/29/velneo/notas-de-la-version#verificacion-de-certificados"
}
],
"solutions": [
{
"lang": "en",
"value": "This vulnerability has been fixed by Velneo team in the 29.2 version, released on 29/06/2021."
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Velneo vClient Improper authentication",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve-coordination@incibe.es",
"DATE_PUBLIC": "2022-09-16T08:00:00.000Z",
"ID": "CVE-2021-45035",
"STATE": "PUBLIC",
"TITLE": "Velneo vClient Improper authentication"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Velneo vClient",
"version": {
"version_data": [
{
"version_affected": "=",
"version_name": "28.1.3",
"version_value": "28.1.3"
}
]
}
}
]
},
"vendor_name": "Velneo"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Velneo vClient on its 28.1.3 version, does not correctly check the certificate of authenticity by default. This could allow an attacker that has access to the network to perform a MITM attack in order to obtain the user\u00b4s credentials."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-287 Improper Authentication"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.incibe-cert.es/en/early-warning/security-advisories/velneo-vclient-improper-authentication",
"refsource": "CONFIRM",
"url": "https://www.incibe-cert.es/en/early-warning/security-advisories/velneo-vclient-improper-authentication"
},
{
"name": "https://velneo.es/publicacion-de-incidencia-de-seguridad-en-cve-cve-2021-45035/",
"refsource": "CONFIRM",
"url": "https://velneo.es/publicacion-de-incidencia-de-seguridad-en-cve-cve-2021-45035/"
},
{
"name": "https://www.velneo.com/blog/nueva-revision-velneo-29-2",
"refsource": "MISC",
"url": "https://www.velneo.com/blog/nueva-revision-velneo-29-2"
},
{
"name": "https://doc.velneo.com/v/29/velneo/notas-de-la-version#verificacion-de-certificados",
"refsource": "MISC",
"url": "https://doc.velneo.com/v/29/velneo/notas-de-la-version#verificacion-de-certificados"
}
]
},
"solution": [
{
"lang": "en",
"value": "This vulnerability has been fixed by Velneo team in the 29.2 version, released on 29/06/2021."
}
],
"source": {
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "0cbda920-cd7f-484a-8e76-bf7f4b7f4516",
"assignerShortName": "INCIBE",
"cveId": "CVE-2021-45035",
"datePublished": "2022-09-23T15:02:18.737Z",
"dateReserved": "2021-12-13T00:00:00.000Z",
"dateUpdated": "2025-05-22T18:24:43.357Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-45917 (GCVE-0-2021-45917)
Vulnerability from cvelistv5 – Published: 2022-01-03 10:10 – Updated: 2024-09-16 20:32
VLAI
Title
SUN & MOON RISE CO., LTD. Shockwall - Improper Authentication
Summary
The server-request receiver function of Shockwall system has an improper authentication vulnerability. An authenticated attacker of an agent computer within the local area network can use the local registry information to launch server-side request forgery (SSRF) attack on another agent computer, resulting in arbitrary code execution for controlling the system or disrupting service.
Severity
CWE
- CWE-287 - Improper Authentication
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://www.twcert.org.tw/tw/cp-132-5433-77f6f-1.html | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| SUN & MOON RISE CO., LTD. | Shockwall |
Affected:
unspecified , < 7.20.0401
(custom)
|
Date Public
2021-12-30 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T04:54:31.335Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.twcert.org.tw/tw/cp-132-5433-77f6f-1.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Shockwall",
"vendor": "SUN \u0026 MOON RISE CO., LTD.",
"versions": [
{
"lessThan": "7.20.0401",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"datePublic": "2021-12-30T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The server-request receiver function of Shockwall system has an improper authentication vulnerability. An authenticated attacker of an agent computer within the local area network can use the local registry information to launch server-side request forgery (SSRF) attack on another agent computer, resulting in arbitrary code execution for controlling the system or disrupting service."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-287",
"description": "CWE-287 Improper Authentication",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-01-03T10:10:21.000Z",
"orgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
"shortName": "twcert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.twcert.org.tw/tw/cp-132-5433-77f6f-1.html"
}
],
"solutions": [
{
"lang": "en",
"value": "Contact tech support from SUN \u0026 MOON RISE CO., LTD."
}
],
"source": {
"advisory": "TVN-202109021",
"discovery": "EXTERNAL"
},
"title": "SUN \u0026 MOON RISE CO., LTD. Shockwall - Improper Authentication",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"AKA": "TWCERT/CC",
"ASSIGNER": "cve@cert.org.tw",
"DATE_PUBLIC": "2021-12-30T08:40:00.000Z",
"ID": "CVE-2021-45917",
"STATE": "PUBLIC",
"TITLE": "SUN \u0026 MOON RISE CO., LTD. Shockwall - Improper Authentication"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Shockwall",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "7.20.0401"
}
]
}
}
]
},
"vendor_name": "SUN \u0026 MOON RISE CO., LTD."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The server-request receiver function of Shockwall system has an improper authentication vulnerability. An authenticated attacker of an agent computer within the local area network can use the local registry information to launch server-side request forgery (SSRF) attack on another agent computer, resulting in arbitrary code execution for controlling the system or disrupting service."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-287 Improper Authentication"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.twcert.org.tw/tw/cp-132-5433-77f6f-1.html",
"refsource": "MISC",
"url": "https://www.twcert.org.tw/tw/cp-132-5433-77f6f-1.html"
}
]
},
"solution": [
{
"lang": "en",
"value": "Contact tech support from SUN \u0026 MOON RISE CO., LTD."
}
],
"source": {
"advisory": "TVN-202109021",
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
"assignerShortName": "twcert",
"cveId": "CVE-2021-45917",
"datePublished": "2022-01-03T10:10:21.764Z",
"dateReserved": "2021-12-29T00:00:00.000Z",
"dateUpdated": "2024-09-16T20:32:34.721Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-0342 (GCVE-0-2022-0342)
Vulnerability from cvelistv5 – Published: 2022-03-28 12:05 – Updated: 2024-08-02 23:25
VLAI
Summary
An authentication bypass vulnerability in the CGI program of Zyxel USG/ZyWALL series firmware versions 4.20 through 4.70, USG FLEX series firmware versions 4.50 through 5.20, ATP series firmware versions 4.32 through 5.20, VPN series firmware versions 4.30 through 5.20, and NSG series firmware versions V1.20 through V1.33 Patch 4, which could allow an attacker to bypass the web authentication and obtain administrative access of the device.
Severity
9.8 (Critical)
CWE
- CWE-287 - Improper Authentication
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://www.zyxel.com/support/Zyxel-security-advi… | x_refsource_CONFIRM |
Impacted products
5 products
| Vendor | Product | Version | |
|---|---|---|---|
| Zyxel | USG/ZyWALL series firmware |
Affected:
4.20 through 4.70
|
|
| Zyxel | USG FLEX series firmware |
Affected:
4.50 through 5.20
|
|
| Zyxel | ATP series firmware |
Affected:
4.32 through 5.20
|
|
| Zyxel | VPN series firmware |
Affected:
4.30 through 5.20
|
|
| Zyxel | NSG series firmware |
Affected:
1.20 through 1.33 Patch 4
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T23:25:40.167Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.zyxel.com/support/Zyxel-security-advisory-for-authentication-bypass-vulnerability-of-firewalls.shtml"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "USG/ZyWALL series firmware",
"vendor": "Zyxel",
"versions": [
{
"status": "affected",
"version": "4.20 through 4.70"
}
]
},
{
"product": "USG FLEX series firmware",
"vendor": "Zyxel",
"versions": [
{
"status": "affected",
"version": "4.50 through 5.20"
}
]
},
{
"product": "ATP series firmware",
"vendor": "Zyxel",
"versions": [
{
"status": "affected",
"version": "4.32 through 5.20"
}
]
},
{
"product": "VPN series firmware",
"vendor": "Zyxel",
"versions": [
{
"status": "affected",
"version": "4.30 through 5.20"
}
]
},
{
"product": "NSG series firmware",
"vendor": "Zyxel",
"versions": [
{
"status": "affected",
"version": "1.20 through 1.33 Patch 4"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An authentication bypass vulnerability in the CGI program of Zyxel USG/ZyWALL series firmware versions 4.20 through 4.70, USG FLEX series firmware versions 4.50 through 5.20, ATP series firmware versions 4.32 through 5.20, VPN series firmware versions 4.30 through 5.20, and NSG series firmware versions V1.20 through V1.33 Patch 4, which could allow an attacker to bypass the web authentication and obtain administrative access of the device."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-287",
"description": "CWE-287: Improper Authentication",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-03-28T12:05:11.000Z",
"orgId": "96e50032-ad0d-4058-a115-4d2c13821f9f",
"shortName": "Zyxel"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.zyxel.com/support/Zyxel-security-advisory-for-authentication-bypass-vulnerability-of-firewalls.shtml"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@zyxel.com.tw",
"ID": "CVE-2022-0342",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "USG/ZyWALL series firmware",
"version": {
"version_data": [
{
"version_value": "4.20 through 4.70"
}
]
}
},
{
"product_name": "USG FLEX series firmware",
"version": {
"version_data": [
{
"version_value": "4.50 through 5.20"
}
]
}
},
{
"product_name": "ATP series firmware",
"version": {
"version_data": [
{
"version_value": "4.32 through 5.20"
}
]
}
},
{
"product_name": "VPN series firmware",
"version": {
"version_data": [
{
"version_value": "4.30 through 5.20"
}
]
}
},
{
"product_name": "NSG series firmware",
"version": {
"version_data": [
{
"version_value": "1.20 through 1.33 Patch 4"
}
]
}
}
]
},
"vendor_name": "Zyxel"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An authentication bypass vulnerability in the CGI program of Zyxel USG/ZyWALL series firmware versions 4.20 through 4.70, USG FLEX series firmware versions 4.50 through 5.20, ATP series firmware versions 4.32 through 5.20, VPN series firmware versions 4.30 through 5.20, and NSG series firmware versions V1.20 through V1.33 Patch 4, which could allow an attacker to bypass the web authentication and obtain administrative access of the device."
}
]
},
"impact": {
"cvss": {
"baseScore": "9.8",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-287: Improper Authentication"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.zyxel.com/support/Zyxel-security-advisory-for-authentication-bypass-vulnerability-of-firewalls.shtml",
"refsource": "CONFIRM",
"url": "https://www.zyxel.com/support/Zyxel-security-advisory-for-authentication-bypass-vulnerability-of-firewalls.shtml"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "96e50032-ad0d-4058-a115-4d2c13821f9f",
"assignerShortName": "Zyxel",
"cveId": "CVE-2022-0342",
"datePublished": "2022-03-28T12:05:11.000Z",
"dateReserved": "2022-01-24T00:00:00.000Z",
"dateUpdated": "2024-08-02T23:25:40.167Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-0492 (GCVE-0-2022-0492)
Vulnerability from cvelistv5 – Published: 2022-03-03 00:00 – Updated: 2024-08-02 23:32
VLAI
Summary
A vulnerability was found in the Linux kernel’s cgroup_release_agent_write in the kernel/cgroup/cgroup-v1.c function. This flaw, under certain circumstances, allows the use of the cgroups v1 release_agent feature to escalate privileges and bypass the namespace isolation unexpectedly.
Severity
No CVSS data available.
CWE
Assigner
References
10 references
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T23:32:45.292Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2051505"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=24f6008564183aa120d07c03d9289519c2fe02af"
},
{
"name": "[debian-lts-announce] 20220309 [SECURITY] [DLA 2940-1] linux security update",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/03/msg00011.html"
},
{
"name": "[debian-lts-announce] 20220309 [SECURITY] [DLA 2941-1] linux-4.19 security update",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/03/msg00012.html"
},
{
"name": "DSA-5095",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.debian.org/security/2022/dsa-5095"
},
{
"name": "DSA-5096",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.debian.org/security/2022/dsa-5096"
},
{
"tags": [
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/166444/Kernel-Live-Patch-Security-Notice-LSN-0085-1.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20220419-0002/"
},
{
"tags": [
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/167386/Kernel-Live-Patch-Security-Notice-LSN-0086-1.html"
},
{
"tags": [
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/176099/Docker-cgroups-Container-Escape.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "kernel",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "kernel 5.17 rc3"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in the Linux kernel\u2019s cgroup_release_agent_write in the kernel/cgroup/cgroup-v1.c function. This flaw, under certain circumstances, allows the use of the cgroups v1 release_agent feature to escalate privileges and bypass the namespace isolation unexpectedly."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-287",
"description": "CWE-287",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-12-07T15:06:18.421Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2051505"
},
{
"url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=24f6008564183aa120d07c03d9289519c2fe02af"
},
{
"name": "[debian-lts-announce] 20220309 [SECURITY] [DLA 2940-1] linux security update",
"tags": [
"mailing-list"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/03/msg00011.html"
},
{
"name": "[debian-lts-announce] 20220309 [SECURITY] [DLA 2941-1] linux-4.19 security update",
"tags": [
"mailing-list"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/03/msg00012.html"
},
{
"name": "DSA-5095",
"tags": [
"vendor-advisory"
],
"url": "https://www.debian.org/security/2022/dsa-5095"
},
{
"name": "DSA-5096",
"tags": [
"vendor-advisory"
],
"url": "https://www.debian.org/security/2022/dsa-5096"
},
{
"url": "http://packetstormsecurity.com/files/166444/Kernel-Live-Patch-Security-Notice-LSN-0085-1.html"
},
{
"url": "https://security.netapp.com/advisory/ntap-20220419-0002/"
},
{
"url": "http://packetstormsecurity.com/files/167386/Kernel-Live-Patch-Security-Notice-LSN-0086-1.html"
},
{
"url": "http://packetstormsecurity.com/files/176099/Docker-cgroups-Container-Escape.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2022-0492",
"datePublished": "2022-03-03T00:00:00.000Z",
"dateReserved": "2022-02-04T00:00:00.000Z",
"dateUpdated": "2024-08-02T23:32:45.292Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-0715 (GCVE-0-2022-0715)
Vulnerability from cvelistv5 – Published: 2022-03-09 19:30 – Updated: 2024-08-02 23:40
VLAI
Summary
A CWE-287: Improper Authentication vulnerability exists that could cause an attacker to arbitrarily change the behavior of the UPS when a key is leaked and used to upload malicious firmware. Affected Product: APC Smart-UPS Family: SMT Series (SMT Series ID=18: UPS 09.8 and prior / SMT Series ID=1040: UPS 01.2 and prior / SMT Series ID=1031: UPS 03.1 and prior), SMC Series (SMC Series ID=1005: UPS 14.1 and prior / SMC Series ID=1007: UPS 11.0 and prior / SMC Series ID=1041: UPS 01.1 and prior), SCL Series (SCL Series ID=1030: UPS 02.5 and prior / SCL Series ID=1036: UPS 02.5 and prior), SMX Series (SMX Series ID=20: UPS 10.2 and prior / SMX Series ID=23: UPS 07.0 and prior), SRT Series (SRT Series ID=1010/1019/1025: UPS 08.3 and prior / SRT Series ID=1024: UPS 01.0 and prior / SRT Series ID=1020: UPS 10.4 and prior / SRT Series ID=1021: UPS 12.2 and prior / SRT Series ID=1001/1013: UPS 05.1 and prior / SRT Series ID=1002/1014: UPSa05.2 and prior), APC SmartConnect Family: SMT Series (SMT Series ID=1015: UPS 04.5 and prior), SMC Series (SMC Series ID=1018: UPS 04.2 and prior), SMTL Series (SMTL Series ID=1026: UPS 02.9 and prior), SCL Series (SCL Series ID=1029: UPS 02.5 and prior / SCL Series ID=1030: UPS 02.5 and prior / SCL Series ID=1036: UPS 02.5 and prior / SCL Series ID=1037: UPS 03.1 and prior), SMX Series (SMX Series ID=1031: UPS 03.1 and prior)
Severity
No CVSS data available.
CWE
- CWE-287 - Improper Authentication
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://www.se.com/ww/en/download/document/SEVD-2… | x_refsource_MISC |
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| Schneider Electric | APC Smart-UPS |
Affected:
SMT Series
Affected: SMC Series Affected: SCL Series Affected: SMX Series Affected: SRT Series |
|
| Schneider Electric | SmartConnect |
Affected:
SMT Series
Affected: SMC Series Affected: SMTL Series Affected: SCL Series Affected: SMX Series |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T23:40:03.366Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.se.com/ww/en/download/document/SEVD-2022-067-02/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "APC Smart-UPS",
"vendor": "Schneider Electric",
"versions": [
{
"status": "affected",
"version": "SMT Series"
},
{
"status": "affected",
"version": "SMC Series"
},
{
"status": "affected",
"version": "SCL Series"
},
{
"status": "affected",
"version": "SMX Series"
},
{
"status": "affected",
"version": "SRT Series"
}
]
},
{
"product": "SmartConnect",
"vendor": "Schneider Electric",
"versions": [
{
"status": "affected",
"version": "SMT Series"
},
{
"status": "affected",
"version": "SMC Series"
},
{
"status": "affected",
"version": "SMTL Series"
},
{
"status": "affected",
"version": "SCL Series"
},
{
"status": "affected",
"version": "SMX Series"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A CWE-287: Improper Authentication vulnerability exists that could cause an attacker to arbitrarily change the behavior of the UPS when a key is leaked and used to upload malicious firmware. Affected Product: APC Smart-UPS Family: SMT Series (SMT Series ID=18: UPS 09.8 and prior / SMT Series ID=1040: UPS 01.2 and prior / SMT Series ID=1031: UPS 03.1 and prior), SMC Series (SMC Series ID=1005: UPS 14.1 and prior / SMC Series ID=1007: UPS 11.0 and prior / SMC Series ID=1041: UPS 01.1 and prior), SCL Series (SCL Series ID=1030: UPS 02.5 and prior / SCL Series ID=1036: UPS 02.5 and prior), SMX Series (SMX Series ID=20: UPS 10.2 and prior / SMX Series ID=23: UPS 07.0 and prior), SRT Series (SRT Series ID=1010/1019/1025: UPS 08.3 and prior / SRT Series ID=1024: UPS 01.0 and prior / SRT Series ID=1020: UPS 10.4 and prior / SRT Series ID=1021: UPS 12.2 and prior / SRT Series ID=1001/1013: UPS 05.1 and prior / SRT Series ID=1002/1014: UPSa05.2 and prior), APC SmartConnect Family: SMT Series (SMT Series ID=1015: UPS 04.5 and prior), SMC Series (SMC Series ID=1018: UPS 04.2 and prior), SMTL Series (SMTL Series ID=1026: UPS 02.9 and prior), SCL Series (SCL Series ID=1029: UPS 02.5 and prior / SCL Series ID=1030: UPS 02.5 and prior / SCL Series ID=1036: UPS 02.5 and prior / SCL Series ID=1037: UPS 03.1 and prior), SMX Series (SMX Series ID=1031: UPS 03.1 and prior)"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-287",
"description": "CWE-287 Improper Authentication",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-03-28T16:25:27.000Z",
"orgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb",
"shortName": "schneider"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.se.com/ww/en/download/document/SEVD-2022-067-02/"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cybersecurity@schneider-electric.com",
"ID": "CVE-2022-0715",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "APC Smart-UPS",
"version": {
"version_data": [
{
"version_value": "SMT Series"
},
{
"version_value": "SMC Series"
},
{
"version_value": "SCL Series"
},
{
"version_value": "SMX Series"
},
{
"version_value": "SRT Series"
}
]
}
},
{
"product_name": "SmartConnect",
"version": {
"version_data": [
{
"version_value": "SMT Series"
},
{
"version_value": "SMC Series"
},
{
"version_value": "SMTL Series"
},
{
"version_value": "SCL Series"
},
{
"version_value": "SMX Series"
}
]
}
}
]
},
"vendor_name": "Schneider Electric"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A CWE-287: Improper Authentication vulnerability exists that could cause an attacker to arbitrarily change the behavior of the UPS when a key is leaked and used to upload malicious firmware. Affected Product: APC Smart-UPS Family: SMT Series (SMT Series ID=18: UPS 09.8 and prior / SMT Series ID=1040: UPS 01.2 and prior / SMT Series ID=1031: UPS 03.1 and prior), SMC Series (SMC Series ID=1005: UPS 14.1 and prior / SMC Series ID=1007: UPS 11.0 and prior / SMC Series ID=1041: UPS 01.1 and prior), SCL Series (SCL Series ID=1030: UPS 02.5 and prior / SCL Series ID=1036: UPS 02.5 and prior), SMX Series (SMX Series ID=20: UPS 10.2 and prior / SMX Series ID=23: UPS 07.0 and prior), SRT Series (SRT Series ID=1010/1019/1025: UPS 08.3 and prior / SRT Series ID=1024: UPS 01.0 and prior / SRT Series ID=1020: UPS 10.4 and prior / SRT Series ID=1021: UPS 12.2 and prior / SRT Series ID=1001/1013: UPS 05.1 and prior / SRT Series ID=1002/1014: UPSa05.2 and prior), APC SmartConnect Family: SMT Series (SMT Series ID=1015: UPS 04.5 and prior), SMC Series (SMC Series ID=1018: UPS 04.2 and prior), SMTL Series (SMTL Series ID=1026: UPS 02.9 and prior), SCL Series (SCL Series ID=1029: UPS 02.5 and prior / SCL Series ID=1030: UPS 02.5 and prior / SCL Series ID=1036: UPS 02.5 and prior / SCL Series ID=1037: UPS 03.1 and prior), SMX Series (SMX Series ID=1031: UPS 03.1 and prior)"
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-287 Improper Authentication"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.se.com/ww/en/download/document/SEVD-2022-067-02/",
"refsource": "MISC",
"url": "https://www.se.com/ww/en/download/document/SEVD-2022-067-02/"
}
]
},
"source": {
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb",
"assignerShortName": "schneider",
"cveId": "CVE-2022-0715",
"datePublished": "2022-03-09T19:30:14.000Z",
"dateReserved": "2022-02-21T00:00:00.000Z",
"dateUpdated": "2024-08-02T23:40:03.366Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-0730 (GCVE-0-2022-0730)
Vulnerability from cvelistv5 – Published: 2022-03-03 00:00 – Updated: 2024-08-02 23:40
VLAI
Summary
Under certain ldap conditions, Cacti authentication can be bypassed with certain credential types.
Severity
No CVSS data available.
CWE
Assigner
References
7 references
| URL | Tags |
|---|---|
| https://github.com/Cacti/cacti/issues/4562 | |
| https://lists.debian.org/debian-lts-announce/2022… | mailing-list |
| https://lists.fedoraproject.org/archives/list/pac… | vendor-advisory |
| https://lists.fedoraproject.org/archives/list/pac… | vendor-advisory |
| https://lists.fedoraproject.org/archives/list/pac… | vendor-advisory |
| https://www.debian.org/security/2022/dsa-5298 | vendor-advisory |
| https://lists.debian.org/debian-lts-announce/2022… | mailing-list |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T23:40:03.539Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://github.com/Cacti/cacti/issues/4562"
},
{
"name": "[debian-lts-announce] 20220329 [SECURITY] [DLA 2965-1] cacti security update",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/03/msg00038.html"
},
{
"name": "FEDORA-2022-6a7e259e15",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZJERS4NYIGJUXEGT6ATUQA4CBYBRDLRA/"
},
{
"name": "FEDORA-2022-e619e3d5d0",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RVOALVZSCBFNOAAZVHTJFSFB7UDSNYQ2/"
},
{
"name": "FEDORA-2022-70f5c7ff72",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZH67CCORDEYFG7NL7G6UH47PAV2PU7BA/"
},
{
"name": "DSA-5298",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.debian.org/security/2022/dsa-5298"
},
{
"name": "[debian-lts-announce] 20221231 [SECURITY] [DLA 3252-1] cacti security update",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/12/msg00039.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Cati",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "1.2.19"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Under certain ldap conditions, Cacti authentication can be bypassed with certain credential types."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-287",
"description": "CWE-287",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-12-31T00:00:00.000Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"url": "https://github.com/Cacti/cacti/issues/4562"
},
{
"name": "[debian-lts-announce] 20220329 [SECURITY] [DLA 2965-1] cacti security update",
"tags": [
"mailing-list"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/03/msg00038.html"
},
{
"name": "FEDORA-2022-6a7e259e15",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZJERS4NYIGJUXEGT6ATUQA4CBYBRDLRA/"
},
{
"name": "FEDORA-2022-e619e3d5d0",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RVOALVZSCBFNOAAZVHTJFSFB7UDSNYQ2/"
},
{
"name": "FEDORA-2022-70f5c7ff72",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZH67CCORDEYFG7NL7G6UH47PAV2PU7BA/"
},
{
"name": "DSA-5298",
"tags": [
"vendor-advisory"
],
"url": "https://www.debian.org/security/2022/dsa-5298"
},
{
"name": "[debian-lts-announce] 20221231 [SECURITY] [DLA 3252-1] cacti security update",
"tags": [
"mailing-list"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/12/msg00039.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2022-0730",
"datePublished": "2022-03-03T00:00:00.000Z",
"dateReserved": "2022-02-22T00:00:00.000Z",
"dateUpdated": "2024-08-02T23:40:03.539Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-0910 (GCVE-0-2022-0910)
Vulnerability from cvelistv5 – Published: 2022-05-24 02:20 – Updated: 2024-08-02 23:47
VLAI
Summary
A downgrade from two-factor authentication to one-factor authentication vulnerability in the CGI program of Zyxel USG/ZyWALL series firmware versions 4.32 through 4.71, USG FLEX series firmware versions 4.50 through 5.21, ATP series firmware versions 4.32 through 5.21, and VPN series firmware versions 4.32 through 5.21, that could allow an authenticated attacker to bypass the second authentication phase to connect the IPsec VPN server even though the two-factor authentication (2FA) was enabled.
Severity
6.5 (Medium)
CWE
- CWE-287 - Improper Authentication
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://www.zyxel.com/support/multiple-vulnerabil… | x_refsource_CONFIRM |
Impacted products
4 products
| Vendor | Product | Version | |
|---|---|---|---|
| Zyxel | USG/ZyWALL series firmware |
Affected:
4.32 through 4.71
|
|
| Zyxel | USG FLEX series firmware |
Affected:
4.50 through 5.21
|
|
| Zyxel | ATP series firmware |
Affected:
4.32 through 5.21
|
|
| Zyxel | VPN series firmware |
Affected:
4.32 through 5.21
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T23:47:42.905Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.zyxel.com/support/multiple-vulnerabilities-of-firewalls-AP-controllers-and-APs.shtml"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "USG/ZyWALL series firmware",
"vendor": "Zyxel",
"versions": [
{
"status": "affected",
"version": "4.32 through 4.71"
}
]
},
{
"product": "USG FLEX series firmware",
"vendor": "Zyxel",
"versions": [
{
"status": "affected",
"version": "4.50 through 5.21"
}
]
},
{
"product": "ATP series firmware",
"vendor": "Zyxel",
"versions": [
{
"status": "affected",
"version": "4.32 through 5.21"
}
]
},
{
"product": "VPN series firmware",
"vendor": "Zyxel",
"versions": [
{
"status": "affected",
"version": "4.32 through 5.21"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A downgrade from two-factor authentication to one-factor authentication vulnerability in the CGI program of Zyxel USG/ZyWALL series firmware versions 4.32 through 4.71, USG FLEX series firmware versions 4.50 through 5.21, ATP series firmware versions 4.32 through 5.21, and VPN series firmware versions 4.32 through 5.21, that could allow an authenticated attacker to bypass the second authentication phase to connect the IPsec VPN server even though the two-factor authentication (2FA) was enabled."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-287",
"description": "CWE-287: Improper Authentication",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-05-24T02:20:13.000Z",
"orgId": "96e50032-ad0d-4058-a115-4d2c13821f9f",
"shortName": "Zyxel"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.zyxel.com/support/multiple-vulnerabilities-of-firewalls-AP-controllers-and-APs.shtml"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@zyxel.com.tw",
"ID": "CVE-2022-0910",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "USG/ZyWALL series firmware",
"version": {
"version_data": [
{
"version_value": "4.32 through 4.71"
}
]
}
},
{
"product_name": "USG FLEX series firmware",
"version": {
"version_data": [
{
"version_value": "4.50 through 5.21"
}
]
}
},
{
"product_name": "ATP series firmware",
"version": {
"version_data": [
{
"version_value": "4.32 through 5.21"
}
]
}
},
{
"product_name": "VPN series firmware",
"version": {
"version_data": [
{
"version_value": "4.32 through 5.21"
}
]
}
}
]
},
"vendor_name": "Zyxel"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A downgrade from two-factor authentication to one-factor authentication vulnerability in the CGI program of Zyxel USG/ZyWALL series firmware versions 4.32 through 4.71, USG FLEX series firmware versions 4.50 through 5.21, ATP series firmware versions 4.32 through 5.21, and VPN series firmware versions 4.32 through 5.21, that could allow an authenticated attacker to bypass the second authentication phase to connect the IPsec VPN server even though the two-factor authentication (2FA) was enabled."
}
]
},
"impact": {
"cvss": {
"baseScore": "6.5",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-287: Improper Authentication"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.zyxel.com/support/multiple-vulnerabilities-of-firewalls-AP-controllers-and-APs.shtml",
"refsource": "CONFIRM",
"url": "https://www.zyxel.com/support/multiple-vulnerabilities-of-firewalls-AP-controllers-and-APs.shtml"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "96e50032-ad0d-4058-a115-4d2c13821f9f",
"assignerShortName": "Zyxel",
"cveId": "CVE-2022-0910",
"datePublished": "2022-05-24T02:20:13.000Z",
"dateReserved": "2022-03-10T00:00:00.000Z",
"dateUpdated": "2024-08-02T23:47:42.905Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Mitigation
Phase: Architecture and Design
Strategy: Libraries or Frameworks
Description:
- Use an authentication framework or library such as the OWASP ESAPI Authentication feature.
CAPEC-114: Authentication Abuse
An attacker obtains unauthorized access to an application, service or device either through knowledge of the inherent weaknesses of an authentication mechanism, or by exploiting a flaw in the authentication scheme's implementation. In such an attack an authentication mechanism is functioning but a carefully controlled sequence of events causes the mechanism to grant access to the attacker.
CAPEC-115: Authentication Bypass
An attacker gains access to application, service, or device with the privileges of an authorized or privileged user by evading or circumventing an authentication mechanism. The attacker is therefore able to access protected data without authentication ever having taken place.
CAPEC-151: Identity Spoofing
Identity Spoofing refers to the action of assuming (i.e., taking on) the identity of some other entity (human or non-human) and then using that identity to accomplish a goal. An adversary may craft messages that appear to come from a different principle or use stolen / spoofed authentication credentials.
CAPEC-194: Fake the Source of Data
An adversary takes advantage of improper authentication to provide data or services under a falsified identity. The purpose of using the falsified identity may be to prevent traceability of the provided data or to assume the rights granted to another individual. One of the simplest forms of this attack would be the creation of an email message with a modified "From" field in order to appear that the message was sent from someone other than the actual sender. The root of the attack (in this case the email system) fails to properly authenticate the source and this results in the reader incorrectly performing the instructed action. Results of the attack vary depending on the details of the attack, but common results include privilege escalation, obfuscation of other attacks, and data corruption/manipulation.
CAPEC-22: Exploiting Trust in Client
An attack of this type exploits vulnerabilities in client/server communication channel authentication and data integrity. It leverages the implicit trust a server places in the client, or more importantly, that which the server believes is the client. An attacker executes this type of attack by communicating directly with the server where the server believes it is communicating only with a valid client. There are numerous variations of this type of attack.
CAPEC-57: Utilizing REST's Trust in the System Resource to Obtain Sensitive Data
This attack utilizes a REST(REpresentational State Transfer)-style applications' trust in the system resources and environment to obtain sensitive data once SSL is terminated.
CAPEC-593: Session Hijacking
This type of attack involves an adversary that exploits weaknesses in an application's use of sessions in performing authentication. The adversary is able to steal or manipulate an active session and use it to gain unathorized access to the application.
CAPEC-633: Token Impersonation
An adversary exploits a weakness in authentication to create an access token (or equivalent) that impersonates a different entity, and then associates a process/thread to that that impersonated token. This action causes a downstream user to make a decision or take action that is based on the assumed identity, and not the response that blocks the adversary.
CAPEC-650: Upload a Web Shell to a Web Server
By exploiting insufficient permissions, it is possible to upload a web shell to a web server in such a way that it can be executed remotely. This shell can have various capabilities, thereby acting as a "gateway" to the underlying web server. The shell might execute at the higher permission level of the web server, providing the ability the execute malicious code at elevated levels.
CAPEC-94: Adversary in the Middle (AiTM)
An adversary targets the communication between two components (typically client and server), in order to alter or obtain data from transactions. A general approach entails the adversary placing themself within the communication channel between the two components.