CVE-2022-36780 - OpenCVE

Avdor CIS - crystal quality Credentials Management Errors. The product is phone call recorder, you can hear all the recorded calls without authenticate to the system. Attacker sends crafted URL to the system: ip:port//V=2;ChannellD=number;Ext=number;Command=startLM;Client=number;Request=number;R=number number - id of the recorded number.

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact Low

Integrity Impact None

Availability Impact None

User Interaction None

No CVSS v3.0

No CVSS v2

Vendors & Products
CPE Configurations

Vendors	Products
Avdorcis	Crystal Quality

Configuration 1 [-]

cpe:2.3:a:avdorcis:crystal_quality:-:*:*:*:*:*:*:*

References

Link	Resource
https://www.gov.il/en/Departments/faq/cve_advisories	Exploit Third Party Advisory VDB Entry

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: INCD

Published: 2022-09-11T00:00:00

Updated: 2022-09-13T14:57:56

Reserved: 2022-07-26T00:00:00

Link: CVE-2022-36780

JSON object: View

NVD Information

Status : Analyzed

Published: 2022-09-13T15:15:08.667

Modified: 2023-08-08T14:22:24.967

Link: CVE-2022-36780

JSON object: View

Redhat Information

No data.

CWE

CWE-306

{"containers": {"cna": {"affected": [{"product": "crystal quality", "vendor": "Avdor CIS", "versions": [{"lessThan": "unspecified", "status": "affected", "version": "Update to the latest version", "versionType": "custom"}]}], "credits": [{"lang": "en", "value": "Dudu Moyal - Sophtix Security LTD. "}], "datePublic": "2022-09-11T00:00:00", "descriptions": [{"lang": "en", "value": "Avdor CIS - crystal quality Credentials Management Errors. The product is phone call recorder, you can hear all the recorded calls without authenticate to the system. Attacker sends crafted URL to the system: ip:port//V=2;ChannellD=number;Ext=number;Command=startLM;Client=number;Request=number;R=number number - id of the recorded number."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "LOW", "baseScore": 4.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L", "version": "3.1"}}], "problemTypes": [{"descriptions": [{"description": "Credentials Management Errors", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2022-09-13T14:57:56", "orgId": "a57ee1ae-c9c1-4f40-aa7b-cf10760fde3f", "shortName": "INCD"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://www.gov.il/en/Departments/faq/cve_advisories"}], "solutions": [{"lang": "en", "value": "Update to the latest version."}], "source": {"defect": ["ILVN-2022-0051"], "discovery": "EXTERNAL"}, "title": "Avdor CIS - crystal quality Credentials Management Errors", "x_generator": {"engine": "Vulnogram 0.0.9"}, "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cna@cyber.gov.il", "DATE_PUBLIC": "2022-09-11T05:45:00.000Z", "ID": "CVE-2022-36780", "STATE": "PUBLIC", "TITLE": "Avdor CIS - crystal quality Credentials Management Errors"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "crystal quality", "version": {"version_data": [{"version_affected": ">=", "version_value": "Update to the latest version"}]}}]}, "vendor_name": "Avdor CIS"}]}}, "credit": [{"lang": "eng", "value": "Dudu Moyal - Sophtix Security LTD. "}], "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Avdor CIS - crystal quality Credentials Management Errors. The product is phone call recorder, you can hear all the recorded calls without authenticate to the system. Attacker sends crafted URL to the system: ip:port//V=2;ChannellD=number;Ext=number;Command=startLM;Client=number;Request=number;R=number number - id of the recorded number."}]}, "generator": {"engine": "Vulnogram 0.0.9"}, "impact": {"cvss": {"attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "LOW", "baseScore": 4.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L", "version": "3.1"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "Credentials Management Errors"}]}]}, "references": {"reference_data": [{"name": "https://www.gov.il/en/Departments/faq/cve_advisories", "refsource": "MISC", "url": "https://www.gov.il/en/Departments/faq/cve_advisories"}]}, "solution": [{"lang": "en", "value": "Update to the latest version."}], "source": {"defect": ["ILVN-2022-0051"], "discovery": "EXTERNAL"}}}}, "cveMetadata": {"assignerOrgId": "a57ee1ae-c9c1-4f40-aa7b-cf10760fde3f", "assignerShortName": "INCD", "cveId": "CVE-2022-36780", "datePublished": "2022-09-11T00:00:00", "dateReserved": "2022-07-26T00:00:00", "dateUpdated": "2022-09-13T14:57:56", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:avdorcis:crystal_quality:-:*:*:*:*:*:*:*", "matchCriteriaId": "B48A54B0-CE93-4B18-A440-247F4662FA26", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Avdor CIS - crystal quality Credentials Management Errors. The product is phone call recorder, you can hear all the recorded calls without authenticate to the system. Attacker sends crafted URL to the system: ip:port//V=2;ChannellD=number;Ext=number;Command=startLM;Client=number;Request=number;R=number number - id of the recorded number."}, {"lang": "es", "value": "Avdor CIS - crystal quality. Errores de Administraci\u00f3n de Credenciales. El producto es un grabador de llamadas telef\u00f3nicas, pueden escucharse todas las llamadas grabadas sin autenticarse en el sistema. El atacante env\u00eda una URL dise\u00f1ada al sistema: ip:port//V=2;ChannellD=number;Ext=number;Command=startLM;Client=number;Request=number;R=number number - id del n\u00famero grabado"}], "id": "CVE-2022-36780", "lastModified": "2023-08-08T14:22:24.967", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "LOW", "baseScore": 4.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L", "version": "3.1"}, "exploitabilityScore": 1.5, "impactScore": 3.4, "source": "cna@cyber.gov.il", "type": "Secondary"}]}, "published": "2022-09-13T15:15:08.667", "references": [{"source": "cna@cyber.gov.il", "tags": ["Exploit", "Third Party Advisory", "VDB Entry"], "url": "https://www.gov.il/en/Departments/faq/cve_advisories"}], "sourceIdentifier": "cna@cyber.gov.il", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-306"}], "source": "nvd@nist.gov", "type": "Primary"}]}