CVE-2022-32958 - OpenCVE

A remote attacker with general user privilege can send a message to Teamplus Pro’s chat group that exceeds message size limit, to terminate other recipients’ Teamplus Pro chat process.

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

Vendors & Products
CPE Configurations

Vendors	Products
Teamplus	Team\+ Pro

Configuration 1 [-]

OR	cpe:2.3:a:teamplus:team\+_pro:::::private_cloud:android::
	cpe:2.3:a:teamplus:team\+_pro:::::private_cloud:iphone_os::

References

Link	Resource
https://www.twcert.org.tw/tw/cp-132-6289-a5524-1.html	Third Party Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: twcert

Published: 2022-07-12T00:00:00

Updated: 2022-07-20T02:01:54

Reserved: 2022-06-10T00:00:00

Link: CVE-2022-32958

JSON object: View

NVD Information

Status : Analyzed

Published: 2022-07-20T02:15:07.637

Modified: 2022-08-01T13:52:09.847

Link: CVE-2022-32958

JSON object: View

Redhat Information

No data.

CWE

CWE-770

{"containers": {"cna": {"affected": [{"platforms": ["Android "], "product": "Teamplus Pro (Private cloud)", "vendor": "TEAMPLUS TECHNOLOGY INC.", "versions": [{"lessThanOrEqual": "3.011.6.0.1", "status": "affected", "version": "unspecified", "versionType": "custom"}]}, {"platforms": ["iOS"], "product": "Teamplus Pro (Private cloud)", "vendor": "TEAMPLUS TECHNOLOGY INC.", "versions": [{"lessThanOrEqual": "3.011.6.0.1", "status": "affected", "version": "unspecified", "versionType": "custom"}]}], "datePublic": "2022-07-12T00:00:00", "descriptions": [{"lang": "en", "value": "A remote attacker with general user privilege can send a message to Teamplus Pro\u2019s chat group that exceeds message size limit, to terminate other recipients\u2019 Teamplus Pro chat process."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.7, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H", "version": "3.1"}}], "problemTypes": [{"descriptions": [{"cweId": "CWE-770", "description": "CWE-770 Allocation of Resources Without Limits or Throttling", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2022-07-20T02:01:54", "orgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e", "shortName": "twcert"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://www.twcert.org.tw/tw/cp-132-6289-a5524-1.html"}], "solutions": [{"lang": "en", "value": "Contact TEAMPLUS TECHNOLOGY INC. for tech support."}], "source": {"advisory": "TVN-202206004", "discovery": "EXTERNAL"}, "title": "TEAMPLUS TECHNOLOGY INC. Teamplus Pro - Allocation of Resources Without Limits or Throttling", "x_generator": {"engine": "Vulnogram 0.0.9"}, "x_legacyV4Record": {"CVE_data_meta": {"AKA": "TWCERT/CC", "ASSIGNER": "cve@cert.org.tw", "DATE_PUBLIC": "2022-07-12T01:30:00.000Z", "ID": "CVE-2022-32958", "STATE": "PUBLIC", "TITLE": "TEAMPLUS TECHNOLOGY INC. Teamplus Pro - Allocation of Resources Without Limits or Throttling"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Teamplus Pro (Private cloud)", "version": {"version_data": [{"platform": "Android ", "version_affected": "<=", "version_value": "3.011.6.0.1"}, {"platform": "iOS", "version_affected": "<=", "version_value": "3.011.6.0.1"}]}}]}, "vendor_name": "TEAMPLUS TECHNOLOGY INC."}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "A remote attacker with general user privilege can send a message to Teamplus Pro\u2019s chat group that exceeds message size limit, to terminate other recipients\u2019 Teamplus Pro chat process."}]}, "generator": {"engine": "Vulnogram 0.0.9"}, "impact": {"cvss": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.7, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H", "version": "3.1"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-770 Allocation of Resources Without Limits or Throttling"}]}]}, "references": {"reference_data": [{"name": "https://www.twcert.org.tw/tw/cp-132-6289-a5524-1.html", "refsource": "MISC", "url": "https://www.twcert.org.tw/tw/cp-132-6289-a5524-1.html"}]}, "solution": [{"lang": "en", "value": "Contact TEAMPLUS TECHNOLOGY INC. for tech support."}], "source": {"advisory": "TVN-202206004", "discovery": "EXTERNAL"}}}}, "cveMetadata": {"assignerOrgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e", "assignerShortName": "twcert", "cveId": "CVE-2022-32958", "datePublished": "2022-07-12T00:00:00", "dateReserved": "2022-06-10T00:00:00", "dateUpdated": "2022-07-20T02:01:54", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:teamplus:team\\+_pro:*:*:*:*:private_cloud:android:*:*", "matchCriteriaId": "266BDB81-BE36-4A9D-BE19-9B96516B4E58", "versionEndIncluding": "3.011.6.0.1", "vulnerable": true}, {"criteria": "cpe:2.3:a:teamplus:team\\+_pro:*:*:*:*:private_cloud:iphone_os:*:*", "matchCriteriaId": "3E7BB0AB-B190-4997-9873-4E8C5FA60DED", "versionEndIncluding": "3.011.6.0.1", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "A remote attacker with general user privilege can send a message to Teamplus Pro\u2019s chat group that exceeds message size limit, to terminate other recipients\u2019 Teamplus Pro chat process."}, {"lang": "es", "value": "Un atacante remoto con privilegio de usuario general puede enviar un mensaje al grupo de chat de Teamplus Pro que exceda el l\u00edmite de tama\u00f1o del mensaje, para terminar el proceso de chat de otros destinatarios de Teamplus Pro"}], "id": "CVE-2022-32958", "lastModified": "2022-08-01T13:52:09.847", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.7, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 3.1, "impactScore": 4.0, "source": "twcert@cert.org.tw", "type": "Secondary"}]}, "published": "2022-07-20T02:15:07.637", "references": [{"source": "twcert@cert.org.tw", "tags": ["Third Party Advisory"], "url": "https://www.twcert.org.tw/tw/cp-132-6289-a5524-1.html"}], "sourceIdentifier": "twcert@cert.org.tw", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-770"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-770"}], "source": "twcert@cert.org.tw", "type": "Secondary"}]}