Insecure permissions in Telos Alliance Omnia MPX Node v1.0.0 to v1.4.9 allow attackers to manipulate and access system settings with backdoor account low privilege, this can lead to change hardware settings and execute arbitrary commands in vulnerable system functions that is requires high privilege to access.
References
Link | Resource |
---|---|
https://cyber-guy.gitbook.io/cyber-guys-blog/pocs/cve-2022-45562 | Exploit Third Party Advisory |
Configurations
Configuration 1 (hide)
AND |
|
History
01 Feb 2023, 15:15
Type | Values Removed | Values Added |
---|---|---|
First Time |
Telosalliance omnia Mpx Node
Telosalliance Telosalliance omnia Mpx Node Firmware |
|
CPE | cpe:2.3:o:telos:omnia_mpx_node_firmware:*:*:*:*:*:*:*:* |
cpe:2.3:o:telosalliance:omnia_mpx_node_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:telosalliance:omnia_mpx_node:-:*:*:*:*:*:*:* |
05 Dec 2022, 19:09
Type | Values Removed | Values Added |
---|---|---|
CWE | CWE-276 | |
First Time |
Telos
Telos omnia Mpx Node Telos omnia Mpx Node Firmware |
|
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 8.8 |
References | (MISC) https://cyber-guy.gitbook.io/cyber-guys-blog/pocs/cve-2022-45562 - Exploit, Third Party Advisory | |
CPE | cpe:2.3:h:telos:omnia_mpx_node:-:*:*:*:*:*:*:* cpe:2.3:o:telos:omnia_mpx_node_firmware:*:*:*:*:*:*:*:* |
02 Dec 2022, 04:14
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2022-12-02 03:15
Updated : 2023-12-10 14:48
NVD link : CVE-2022-45562
Mitre link : CVE-2022-45562
CVE.ORG link : CVE-2022-45562
JSON object : View
Products Affected
telosalliance
- omnia_mpx_node
- omnia_mpx_node_firmware
CWE
CWE-276
Incorrect Default Permissions