CVE-2022-36642

A local file disclosure vulnerability in /appConfig/userDB.json of Telos Alliance Omnia MPX Node through 1.0.0-1.4.9 allows attackers to access users credentials which makes him able to gain initial access to the control panel with high privilege because the cleartext storage of sensitive information which can be unlatched by exploiting the LFD vulnerability.
Configurations

Configuration 1 (hide)

AND
OR cpe:2.3:o:telosalliance:omnia_mpx_node_firmware:1.5.0:r1:*:*:*:*:*:*
cpe:2.3:o:telosalliance:omnia_mpx_node_firmware:1.5.0:-:*:*:*:*:*:*
cpe:2.3:o:telosalliance:omnia_mpx_node_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:telosalliance:omnia_mpx_node:-:*:*:*:*:*:*:*

History

27 Sep 2022, 15:40

Type Values Removed Values Added
References (MISC) https://cyber-guy.gitbook.io/cyber-guys-blog/blogs/bypassing-mpx-node-authentication-firmware-analysis - (MISC) https://cyber-guy.gitbook.io/cyber-guys-blog/blogs/bypassing-mpx-node-authentication-firmware-analysis - Exploit, Third Party Advisory

23 Sep 2022, 00:15

Type Values Removed Values Added
References
  • (MISC) https://cyber-guy.gitbook.io/cyber-guys-blog/blogs/bypassing-mpx-node-authentication-firmware-analysis -
Summary A local file disclosure vulnerability in /appConfig/userDB.json of Telos Alliance Omnia MPX Node through 1.5.0+r1 allows attackers to escalate privileges to root and execute arbitrary commands. A local file disclosure vulnerability in /appConfig/userDB.json of Telos Alliance Omnia MPX Node through 1.0.0-1.4.9 allows attackers to access users credentials which makes him able to gain initial access to the control panel with high privilege because the cleartext storage of sensitive information which can be unlatched by exploiting the LFD vulnerability.

07 Sep 2022, 14:49

Type Values Removed Values Added
First Time Telosalliance
Telosalliance omnia Mpx Node Firmware
Telosalliance omnia Mpx Node
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 9.8
References (MISC) https://drive.google.com/drive/folders/1jm9h8JNmezTt7AbHYRY7gPC4lXGDNklL - (MISC) https://drive.google.com/drive/folders/1jm9h8JNmezTt7AbHYRY7gPC4lXGDNklL - Exploit, Third Party Advisory
References (MISC) https://cyber-guy.gitbook.io/cyber-guy/pocs/omnia-node-mpx-auth-bypass-via-lfd - (MISC) https://cyber-guy.gitbook.io/cyber-guy/pocs/omnia-node-mpx-auth-bypass-via-lfd - Exploit, Third Party Advisory
References (MISC) https://www.telosalliance.com/radio-processing/audio-interfaces/omnia-mpx-node - (MISC) https://www.telosalliance.com/radio-processing/audio-interfaces/omnia-mpx-node - Product, Vendor Advisory
References (MISC) https://www.exploit-db.com/exploits/50996 - (MISC) https://www.exploit-db.com/exploits/50996 - Exploit, Third Party Advisory, VDB Entry
CPE cpe:2.3:o:telosalliance:omnia_mpx_node_firmware:1.5.0:r1:*:*:*:*:*:*
cpe:2.3:o:telosalliance:omnia_mpx_node_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:telosalliance:omnia_mpx_node:-:*:*:*:*:*:*:*
cpe:2.3:o:telosalliance:omnia_mpx_node_firmware:1.5.0:-:*:*:*:*:*:*
CWE CWE-862

02 Sep 2022, 22:15

Type Values Removed Values Added
New CVE

Information

Published : 2022-09-02 22:15

Updated : 2022-09-27 15:40


NVD link : CVE-2022-36642

Mitre link : CVE-2022-36642


JSON object : View

Products Affected

telosalliance

  • omnia_mpx_node
  • omnia_mpx_node_firmware
CWE
CWE-862

Missing Authorization