CVE-2022-44717 - OpenCVE

An issue was discovered in NetScout nGeniusONE 6.3.2 build 904. Open Redirection can occur (issue 1 of 2). After successful login, an attacker must visit the vulnerable parameter and inject a crafted payload to successfully redirect to an unknown host. The attack vector is Network, and the Attack Complexity required is High. Privileges required are administrator, User Interaction is required, and Scope is unchanged. The user must visit the vulnerable parameter and inject a crafted payload to successfully redirect to an unknown host.

Attack Vector Network

Attack Complexity High

Privileges Required High

Scope Unchanged

Confidentiality Impact Low

Integrity Impact Low

Availability Impact None

User Interaction Required

No CVSS v3.0

No CVSS v2

Vendors & Products
CPE Configurations

Vendors	Products
Netscout	Ngeniusone

Configuration 1 [-]

cpe:2.3:a:netscout:ngeniusone:6.3.2:build904:*:*:*:*:*:*

References

Link	Resource
https://www.netscout.com/securityadvisories	Vendor Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2023-01-27T00:00:00

Updated: 2023-01-27T00:00:00

Reserved: 2022-11-04T00:00:00

Link: CVE-2022-44717

JSON object: View

NVD Information

Status : Analyzed

Published: 2023-01-27T14:15:11.293

Modified: 2023-02-07T19:21:00.917

Link: CVE-2022-44717

JSON object: View

Redhat Information

No data.

CWE

CWE-601

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:netscout:ngeniusone:6.3.2:build904:*:*:*:*:*:*", "matchCriteriaId": "47C284CB-BC1D-48C5-BFCA-7702FAB68365", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "An issue was discovered in NetScout nGeniusONE 6.3.2 build 904. Open Redirection can occur (issue 1 of 2). After successful login, an attacker must visit the vulnerable parameter and inject a crafted payload to successfully redirect to an unknown host. The attack vector is Network, and the Attack Complexity required is High. Privileges required are administrator, User Interaction is required, and Scope is unchanged. The user must visit the vulnerable parameter and inject a crafted payload to successfully redirect to an unknown host."}, {"lang": "es", "value": "Se descubri\u00f3 un problema en NetScout nGeniusONE 6.3.2 build 904. Puede ocurrir una redirecci\u00f3n abierta (problema 1 de 2). Despu\u00e9s de iniciar sesi\u00f3n correctamente, un atacante debe visitar el par\u00e1metro vulnerable e inyectar un payload manipulado para redirigir exitosamente a un host desconocido. El vector de ataque es la red y la complejidad del ataque requerida es alta. Los privilegios requeridos son de administrador, se requiere interacci\u00f3n del usuario y el alcance no cambia. El usuario debe visitar el par\u00e1metro vulnerable e inyectar un payload manipulado para redirigir exitosamente a un host desconocido."}], "id": "CVE-2022-44717", "lastModified": "2023-02-07T19:21:00.917", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 3.1, "baseSeverity": "LOW", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 0.5, "impactScore": 2.5, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2023-01-27T14:15:11.293", "references": [{"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "https://www.netscout.com/securityadvisories"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-601"}], "source": "nvd@nist.gov", "type": "Primary"}]}