CVE-2022-32282
Severity Score
8.8
*CVSS v3.1
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
1
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
An improper password check exists in the login functionality of WWBN AVideo 11.6 and dev master commit 3f7c0364. An attacker that owns a users' password hash will be able to use it to directly login into the account, leading to increased privileges.
Se presenta una comprobación inapropiada de la contraseña en la funcionalidad login de WWBN AVideo versiones 11.6 y dev master commit 37c0364. Un atacante que posea el hash de la contraseña de un usuario podrá utilizarlo para iniciar sesión directamente en la cuenta, lo que conlleva un aumento de privilegios.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2022-06-13 CVE Reserved
- 2022-08-22 CVE Published
- 2024-03-08 EPSS Updated
- 2024-09-16 CVE Updated
- 2024-09-16 First Exploit
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-287: Improper Authentication
- CWE-836: Use of Password Hash Instead of Password for Authentication
CAPEC
References (2)
| URL | Tag | Source |
|---|---|---|
| https://github.com/WWBN/AVideo/blob/e04b1cd7062e16564157a82bae389eedd39fa088/updatedb/updateDb.v12.0.sql | Third Party Advisory |
| URL | Date | SRC |
|---|---|---|
| https://talosintelligence.com/vulnerability_reports/TALOS-2022-1545 | 2024-09-16 |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|