CVE-2022-45562

{"id": "CVE-2022-45562", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.8, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 2.8}, {"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.8, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 2.8}]}, "published": "2022-12-02T03:15:09.387", "references": [{"url": "https://cyber-guy.gitbook.io/cyber-guys-blog/pocs/cve-2022-45562", "tags": ["Exploit", "Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://cyber-guy.gitbook.io/cyber-guys-blog/pocs/cve-2022-45562", "tags": ["Exploit", "Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-276"}]}, {"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "description": [{"lang": "en", "value": "CWE-276"}]}], "descriptions": [{"lang": "en", "value": "Insecure permissions in Telos Alliance Omnia MPX Node v1.0.0 to v1.4.9 allow attackers to manipulate and access system settings with backdoor account low privilege, this can lead to change hardware settings and execute arbitrary commands in vulnerable system functions that is requires high privilege to access."}, {"lang": "es", "value": "Los permisos inseguros en Telos Alliance Omnia MPX Node v1.0.0 a v1.4.9 permiten a los atacantes manipular y acceder a la configuraci\u00f3n del sistema con privilegios bajos de la cuenta de backdoor, lo que puede llevar a cambiar la configuraci\u00f3n del hardware y ejecutar comandos arbitrarios en funciones vulnerables del sistema que requieren altos privilegios para acceso."}], "lastModified": "2025-04-24T14:15:41.917", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:telosalliance:omnia_mpx_node_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0A113AF7-AFBC-4349-9092-5211AF313CA9", "versionEndIncluding": "1.4.9", "versionStartIncluding": "1.0.0"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:telosalliance:omnia_mpx_node:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "8ADBE36A-36A9-4F2B-93A5-DBF192B4405A"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "cve@mitre.org"}