Sign-up

ID

VAR-202306-2305


CVE

CVE-2022-44719


TITLE

UCOPIA  of  UCOPIA Wireless Appliance  Improper Permission Assignment Vulnerability for Critical Resources in Firmware

Trust: 0.8

sources: JVNDB: JVNDB-2022-024578

DESCRIPTION

An issue was discovered in Weblib Ucopia before 6.0.13. The SSH Server has Insecure Permissions. UCOPIA of UCOPIA Wireless Appliance A firmware vulnerability related to improper assignment of permissions to critical resources.Information may be obtained

Trust: 1.62

sources: NVD: CVE-2022-44719 // JVNDB: JVNDB-2022-024578

AFFECTED PRODUCTS

vendor:ucopiamodel:wireless appliancescope:ltversion:6.0.13

Trust: 1.0

vendor:ucopiamodel:wireless appliancescope: - version: -

Trust: 0.8

vendor:ucopiamodel:wireless appliancescope:eqversion:ucopia wireless appliance firmware 6.0.13

Trust: 0.8

vendor:ucopiamodel:wireless appliancescope:eqversion: -

Trust: 0.8

sources: JVNDB: JVNDB-2022-024578 // NVD: CVE-2022-44719

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2022-44719
value: HIGH

Trust: 1.0

NVD: CVE-2022-44719
value: HIGH

Trust: 0.8

CNNVD: CNNVD-202306-2190
value: HIGH

Trust: 0.6

nvd@nist.gov: CVE-2022-44719
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 3.6
version: 3.1

Trust: 1.0

NVD: CVE-2022-44719
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: JVNDB: JVNDB-2022-024578 // CNNVD: CNNVD-202306-2190 // NVD: CVE-2022-44719

PROBLEMTYPE DATA

problemtype:CWE-732

Trust: 1.0

problemtype:Improper permission assignment for critical resources (CWE-732) [NVD evaluation ]

Trust: 0.8

sources: JVNDB: JVNDB-2022-024578 // NVD: CVE-2022-44719

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202306-2190

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202306-2190

EXTERNAL IDS

db:NVDid:CVE-2022-44719

Trust: 3.2

db:JVNDBid:JVNDB-2022-024578

Trust: 0.8

db:CNNVDid:CNNVD-202306-2190

Trust: 0.6

sources: JVNDB: JVNDB-2022-024578 // CNNVD: CNNVD-202306-2190 // NVD: CVE-2022-44719

REFERENCES

url:https://www.synacktiv.com/sites/default/files/2023-06/synacktiv-ucopia-multiple-vulnerabilities-2022.pdf

Trust: 2.4

url:https://www.ucopia.com/en/

Trust: 2.4

url:https://nvd.nist.gov/vuln/detail/cve-2022-44719

Trust: 0.8

url:https://cxsecurity.com/cveshow/cve-2022-44719/

Trust: 0.6

sources: JVNDB: JVNDB-2022-024578 // CNNVD: CNNVD-202306-2190 // NVD: CVE-2022-44719

SOURCES

db:JVNDBid:JVNDB-2022-024578
db:CNNVDid:CNNVD-202306-2190
db:NVDid:CVE-2022-44719

LAST UPDATE DATE

2024-08-14T14:17:08.007000+00:00


SOURCES UPDATE DATE

db:JVNDBid:JVNDB-2022-024578date:2023-12-22T08:18:00
db:CNNVDid:CNNVD-202306-2190date:2023-07-10T00:00:00
db:NVDid:CVE-2022-44719date:2023-07-07T18:34:38.157

SOURCES RELEASE DATE

db:JVNDBid:JVNDB-2022-024578date:2023-12-22T00:00:00
db:CNNVDid:CNNVD-202306-2190date:2023-06-29T00:00:00
db:NVDid:CVE-2022-44719date:2023-06-29T20:15:09.727