CVE-2022-38168
 
- Severity Score: 9.1 (CVSS v3.1)
- Exploit Likelihood (EPSS):
- Affected Versions (CPE):
- Public Exploits: 1 (Multiple Sources)
- Exploited in Wild (KEV): -
- Decision (SSVC): -
Descriptions
Broken Access Control in User Authentication in Avaya Scopia Pathfinder 10 and 20 PTS version 8.3.7.0.4 allows remote unauthenticated attackers to bypass the login page, access sensitive information, and reset user passwords via URL modification.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2022-08-11 CVE Reserved
- 2022-11-03 CVE Published
- 2024-08-03 CVE Updated
- 2024-08-03 First Exploit
- 2024-10-18 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-306: Missing Authentication for Critical Function
CAPEC
References (1)
URL | Date | SRC |
---|---|---|
https://medium.com/%40rob_nes/avaya-scopia-pathfinder-broken-access-control-ac792e995bae | 2024-08-03 | |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | | Vendor | Product | Version | Other | Status |
---|---|---|---|---|---|---|---|---|---|---|
Avaya | Scopia Pathfinder 10 Pts Firmware | 8.3.7.0.4 | - | Affected | in | Avaya | Scopia Pathfinder 10 Pts | - | - | Safe |
Avaya | Scopia Pathfinder 20 Pts Firmware | 8.3.7.0.4 | - | Affected | in | Avaya | Scopia Pathfinder 20 Pts | - | - | Safe |
* End Of Life in some or all products. Do not expect updates.