CVE-2022-43308 - OpenCVE

INTELBRAS SG 2404 MR 20180928-rel64938 allows authenticated attackers to arbitrarily create Administrator accounts via crafted user cookies.

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

Vendors & Products
CPE Configurations

Vendors	Products
Intelbras	Sg 2404 Mr Sg 2404 Mr Firmware Sg 2404 Poe Firmware Sg 2404 Poe

Configuration 1 [-]

AND

cpe:2.3:o:intelbras:sg_2404_poe_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:intelbras:sg_2404_poe:-:*:*:*:*:*:*:*

Configuration 2 [-]

AND

cpe:2.3:o:intelbras:sg_2404_mr_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:intelbras:sg_2404_mr:-:*:*:*:*:*:*:*

References

Link	Resource
https://github.com/vitorespf/Advisories/blob/master/Intelbras-switch.txt	Exploit Third Party Advisory
https://www.intelbras.com/pt-br/switch-gerenciavel-24-portas-poe-gigabit-ethernet-sg-2404-poe	Product

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2022-11-18T00:00:00

Updated: 2022-11-18T00:00:00

Reserved: 2022-10-17T00:00:00

Link: CVE-2022-43308

JSON object: View

NVD Information

Status : Analyzed

Published: 2022-11-18T04:15:16.603

Modified: 2022-11-23T18:07:35.860

Link: CVE-2022-43308

JSON object: View

Redhat Information

No data.

CWE

CWE-269

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:intelbras:sg_2404_poe_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "712C6595-1357-45F1-8988-EEC1C3361FB6", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:intelbras:sg_2404_poe:-:*:*:*:*:*:*:*", "matchCriteriaId": "354D872A-3404-4983-88E5-B93D3D3D5857", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:intelbras:sg_2404_mr_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "BCA5BCE1-F98C-47A0-8C8A-0E80DD385964", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:intelbras:sg_2404_mr:-:*:*:*:*:*:*:*", "matchCriteriaId": "B3EDC560-366C-46A2-AE4A-34FB9C7A5FE1", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "INTELBRAS SG 2404 MR 20180928-rel64938 allows authenticated attackers to arbitrarily create Administrator accounts via crafted user cookies."}, {"lang": "es", "value": "INTELBRAS SG 2404 MR 20180928-rel64938 permite a atacantes autenticados crear arbitrariamente cuentas de administrador a trav\u00e9s de cookies de usuario manipuladas."}], "id": "CVE-2022-43308", "lastModified": "2022-11-23T18:07:35.860", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2022-11-18T04:15:16.603", "references": [{"source": "cve@mitre.org", "tags": ["Exploit", "Third Party Advisory"], "url": "https://github.com/vitorespf/Advisories/blob/master/Intelbras-switch.txt"}, {"source": "cve@mitre.org", "tags": ["Product"], "url": "https://www.intelbras.com/pt-br/switch-gerenciavel-24-portas-poe-gigabit-ethernet-sg-2404-poe"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-269"}], "source": "nvd@nist.gov", "type": "Primary"}]}