CVE-2022-27179

{"id": "CVE-2022-27179", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 4.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N", "authentication": "SINGLE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.5, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 2.8}, {"type": "Secondary", "source": "ics-cert@hq.dhs.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.6, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:L", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}, "impactScore": 2.5, "exploitabilityScore": 2.1}]}, "published": "2022-04-20T16:15:08.660", "references": [{"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-104-03", "tags": ["Mitigation", "Third Party Advisory", "US Government Resource"], "source": "ics-cert@hq.dhs.gov"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "ics-cert@hq.dhs.gov", "description": [{"lang": "en", "value": "CWE-522"}]}], "descriptions": [{"lang": "en", "value": "A malicious actor having access to the exported configuration file may obtain the stored credentials and thereby gain access to the protected resource. If the same passwords were used for other resources, further such assets may be compromised."}, {"lang": "es", "value": "Un actor malicioso que tenga acceso al archivo de configuraci\u00f3n exportado puede obtener las credenciales almacenadas y, por tanto, obtener acceso al recurso protegido. Si las mismas contrase\u00f1as se utilizaron para otros recursos, otros activos de este tipo pueden verse comprometidos"}], "lastModified": "2022-04-28T18:56:14.113", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:redlion:da50n_firmware:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A81A3812-8347-40A1-8742-1B5BEF12B894"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:redlion:da50n:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "B58B0481-AE48-4B7A-B57B-4FA6B573C040"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "ics-cert@hq.dhs.gov"}