CVE-2022-0823 - OpenCVE

An improper control of interaction frequency vulnerability in Zyxel GS1200 series switches could allow a local attacker to guess the password by using a timing side-channel attack.

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction None

No CVSS v3.0

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

AV:L/AC:L/Au:N/C:P/I:N/A:N

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Zyxel	Gs1200-5 Gs1200-5 Firmware Gs1200-5hp Gs1200-5hp Firmware Gs1200-8 Gs1200-8 Firmware Gs1200-8hp Gs1200-8hp Firmware

Configuration 1 [-]

AND

cpe:2.3:o:zyxel:gs1200-5_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:zyxel:gs1200-5:-:*:*:*:*:*:*:*

Configuration 2 [-]

AND

cpe:2.3:o:zyxel:gs1200-5hp_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:zyxel:gs1200-5hp:-:*:*:*:*:*:*:*

Configuration 3 [-]

AND

cpe:2.3:o:zyxel:gs1200-8_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:zyxel:gs1200-8:-:*:*:*:*:*:*:*

Configuration 4 [-]

AND

cpe:2.3:o:zyxel:gs1200-8hp_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:zyxel:gs1200-8hp:-:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://www.zyxel.com/support/Zyxel-security-advisory-for-password-guessing-vulnerability-of-GS1200-series-switches.shtml

History

No history.

MITRE

Status: PUBLISHED

Assigner: Zyxel

Published: 2022-06-07T01:10:12

Updated: 2024-08-02T23:40:04.352Z

Reserved: 2022-03-02T00:00:00

Link: CVE-2022-0823

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2022-06-09T16:15:08.160

Modified: 2023-06-27T16:10:09.157

Link: CVE-2022-0823

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "Zyxel GS1200 series firmware", "vendor": "Zyxel", "versions": [{"status": "affected", "version": "2.00 Patch 1"}]}], "descriptions": [{"lang": "en", "value": "An improper control of interaction frequency vulnerability in Zyxel GS1200 series switches could allow a local attacker to guess the password by using a timing side-channel attack."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 6.2, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}}], "problemTypes": [{"descriptions": [{"cweId": "CWE-203", "description": "CWE-203: Observable Discrepancy", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2022-06-07T01:10:12", "orgId": "96e50032-ad0d-4058-a115-4d2c13821f9f", "shortName": "Zyxel"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://www.zyxel.com/support/Zyxel-security-advisory-for-password-guessing-vulnerability-of-GS1200-series-switches.shtml"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "security@zyxel.com.tw", "ID": "CVE-2022-0823", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Zyxel GS1200 series firmware", "version": {"version_data": [{"version_value": "2.00 Patch 1"}]}}]}, "vendor_name": "Zyxel"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "An improper control of interaction frequency vulnerability in Zyxel GS1200 series switches could allow a local attacker to guess the password by using a timing side-channel attack."}]}, "impact": {"cvss": {"baseScore": "6.2", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-203: Observable Discrepancy"}]}]}, "references": {"reference_data": [{"name": "https://www.zyxel.com/support/Zyxel-security-advisory-for-password-guessing-vulnerability-of-GS1200-series-switches.shtml", "refsource": "CONFIRM", "url": "https://www.zyxel.com/support/Zyxel-security-advisory-for-password-guessing-vulnerability-of-GS1200-series-switches.shtml"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T23:40:04.352Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://www.zyxel.com/support/Zyxel-security-advisory-for-password-guessing-vulnerability-of-GS1200-series-switches.shtml"}]}]}, "cveMetadata": {"assignerOrgId": "96e50032-ad0d-4058-a115-4d2c13821f9f", "assignerShortName": "Zyxel", "cveId": "CVE-2022-0823", "datePublished": "2022-06-07T01:10:12", "dateReserved": "2022-03-02T00:00:00", "dateUpdated": "2024-08-02T23:40:04.352Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:zyxel:gs1200-5_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "63808B9D-91BE-4A22-A371-3C208DA25E88", "versionEndExcluding": "2.00\\(abkm.1\\)", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:zyxel:gs1200-5:-:*:*:*:*:*:*:*", "matchCriteriaId": "0CA0FD7C-C949-40AB-BAE6-7F4B217C391F", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:zyxel:gs1200-5hp_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "502727B1-44DA-4549-8FBF-EEE778B0E93D", "versionEndExcluding": "2.00\\(abkn.1\\)", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:zyxel:gs1200-5hp:-:*:*:*:*:*:*:*", "matchCriteriaId": "AB59B85F-BF6A-4A2F-807C-2545198FF9AB", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:zyxel:gs1200-8_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "B3D28E10-50E9-465A-8B28-C3EFA0566968", "versionEndExcluding": "2.00\\(abme.1\\)", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:zyxel:gs1200-8:-:*:*:*:*:*:*:*", "matchCriteriaId": "060383AB-B58D-4255-B0D2-7C8EE87F80F4", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:zyxel:gs1200-8hp_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "ED2D7273-B9D4-40EC-BFB5-67B2B3FF321A", "versionEndExcluding": "2.00\\(abmf.1\\)", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:zyxel:gs1200-8hp:-:*:*:*:*:*:*:*", "matchCriteriaId": "45402A64-13DC-48E6-99DA-2FBBE2939846", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "An improper control of interaction frequency vulnerability in Zyxel GS1200 series switches could allow a local attacker to guess the password by using a timing side-channel attack."}, {"lang": "es", "value": "Una vulnerabilidad de control inapropiado de la frecuencia de interacci\u00f3n en los switches de la serie Zyxel GS1200, podr\u00eda permitir a un atacante local adivinar la contrase\u00f1a mediante un ataque de canal lateral de tiempo"}], "id": "CVE-2022-0823", "lastModified": "2023-06-27T16:10:09.157", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "LOW", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 2.1, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 6.2, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 2.5, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 6.2, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 2.5, "impactScore": 3.6, "source": "security@zyxel.com.tw", "type": "Secondary"}]}, "published": "2022-06-09T16:15:08.160", "references": [{"source": "security@zyxel.com.tw", "tags": ["Patch", "Vendor Advisory"], "url": "https://www.zyxel.com/support/Zyxel-security-advisory-for-password-guessing-vulnerability-of-GS1200-series-switches.shtml"}], "sourceIdentifier": "security@zyxel.com.tw", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-203"}], "source": "security@zyxel.com.tw", "type": "Secondary"}]}