ID

VAR-202212-0486


CVE

CVE-2022-44039


TITLE

Franklin Fueling System Colibri Security hole

Trust: 0.6

sources: CNNVD: CNNVD-202212-2507

DESCRIPTION

Franklin Fueling System FFS Colibri 1.9.22.8925 is affected by: File system overwrite. The impact is: File system rewrite (remote). An attacker can overwrite system files such as [system.conf] and [passwd]. This occurs because of the insecure use of the "fopen" system function with the mode "wb", which allows overwriting a file if it exists. Overwriting files such as passwd allows an attacker to escalate privileges by planting a backdoor user with root privileges or by changing the root password.

Trust: 0.99

sources: NVD: CVE-2022-44039 // VULHUB: VHN-441228

AFFECTED PRODUCTS

vendor: franklinfueling, model: colibri, scope: eq, version: 1.9.22.8925

Trust: 1.0

sources: NVD: CVE-2022-44039

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2022-44039
value: CRITICAL

Trust: 1.0

134c704f-9b21-4f2e-91b3-4a467353bcc0: CVE-2022-44039
value: CRITICAL

Trust: 1.0

CNNVD: CNNVD-202212-2507
value: CRITICAL

Trust: 0.6

nvd@nist.gov: CVE-2022-44039
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.1

Trust: 2.0

sources: CNNVD: CNNVD-202212-2507 // NVD: CVE-2022-44039 // NVD: CVE-2022-44039

PROBLEMTYPE DATA

problemtype: CWE-863

Trust: 1.1

sources: VULHUB: VHN-441228 // NVD: CVE-2022-44039

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202212-2507

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202212-2507

EXTERNAL IDS

db: NVD, id: CVE-2022-44039

Trust: 1.7

db: CNNVD, id: CNNVD-202212-2507

Trust: 0.6

db: VULHUB, id: VHN-441228

Trust: 0.1

sources: VULHUB: VHN-441228 // CNNVD: CNNVD-202212-2507 // NVD: CVE-2022-44039

REFERENCES

url: https://pastebin.com/raw/64stbswu

Trust: 1.7

url: https://cxsecurity.com/cveshow/cve-2022-44039/

Trust: 0.6

sources: VULHUB: VHN-441228 // CNNVD: CNNVD-202212-2507 // NVD: CVE-2022-44039

SOURCES

db: VULHUB, id: VHN-441228
db: CNNVD, id: CNNVD-202212-2507
db: NVD, id: CVE-2022-44039

LAST UPDATE DATE

2025-04-25T01:48:52.113000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-441228, date: 2022-12-07T00:00:00
db: CNNVD, id: CNNVD-202212-2507, date: 2022-12-08T00:00:00
db: NVD, id: CVE-2022-44039, date: 2025-04-24T14:15:39.200

SOURCES RELEASE DATE

db: VULHUB, id: VHN-441228, date: 2022-12-05T00:00:00
db: CNNVD, id: CNNVD-202212-2507, date: 2022-12-05T00:00:00
db: NVD, id: CVE-2022-44039, date: 2022-12-05T21:15:10.280