CVE-2022-23765 - OpenCVE

This vulnerability occured by sending a malicious POST request to a specific page while logged in random user from some family of IPTIME NAS. Remote attackers can steal root privileges by changing the password of the root through a POST request.

No CVSS v4.0

Attack Vector Adjacent Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction Required

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Iptime	Nas1dual Nas1dual Firmware Nas2dual Nas2dual Firmware Nas4dual Nas4dual Firmware

Configuration 1 [-]

AND

cpe:2.3:o:iptime:nas1dual_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:iptime:nas1dual:-:*:*:*:*:*:*:*

Configuration 2 [-]

AND

cpe:2.3:o:iptime:nas2dual_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:iptime:nas2dual:-:*:*:*:*:*:*:*

Configuration 3 [-]

AND

cpe:2.3:o:iptime:nas4dual_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:iptime:nas4dual:-:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://www.krcert.or.kr/krcert/secNoticeView.do?bulletin_writing_sequence=66877

History

No history.

MITRE

Status: PUBLISHED

Assigner: krcert

Published: 2022-08-17T20:24:23

Updated: 2024-08-03T03:51:46.056Z

Reserved: 2022-01-19T00:00:00

Link: CVE-2022-23765

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2022-08-17T21:15:08.907

Modified: 2022-08-19T17:53:07.217

Link: CVE-2022-23765

Redhat

No data.

{"containers": {"cna": {"affected": [{"platforms": ["Linux, Windows and etc.."], "product": "NAS1dual, NAS2dual, NAS4dual", "vendor": "EFM Networks Co.,Ltd", "versions": [{"lessThan": "1.4.86", "status": "affected", "version": "unspecified", "versionType": "custom"}]}], "descriptions": [{"lang": "en", "value": "This vulnerability occured by sending a malicious POST request to a specific page while logged in random user from some family of IPTIME NAS. Remote attackers can steal root privileges by changing the password of the root through a POST request."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "HIGH", "baseScore": 8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}}], "problemTypes": [{"descriptions": [{"cweId": "CWE-352", "description": "CWE-352 Cross-Site Request Forgery (CSRF)", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2022-08-17T20:24:23", "orgId": "cdd7a122-0fae-4202-8d86-14efbacc2863", "shortName": "krcert"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://www.krcert.or.kr/krcert/secNoticeView.do?bulletin_writing_sequence=66877"}], "source": {"discovery": "UNKNOWN"}, "title": "IPTIME NAS family CSRF vulnerability", "x_generator": {"engine": "Vulnogram 0.0.9"}, "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "vuln@krcert.or.kr", "ID": "CVE-2022-23765", "STATE": "PUBLIC", "TITLE": "IPTIME NAS family CSRF vulnerability"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "NAS1dual, NAS2dual, NAS4dual", "version": {"version_data": [{"platform": "Linux, Windows and etc..", "version_affected": "<", "version_value": "1.4.86"}]}}]}, "vendor_name": "EFM Networks Co.,Ltd"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "This vulnerability occured by sending a malicious POST request to a specific page while logged in random user from some family of IPTIME NAS. Remote attackers can steal root privileges by changing the password of the root through a POST request."}]}, "generator": {"engine": "Vulnogram 0.0.9"}, "impact": {"cvss": {"attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "HIGH", "baseScore": 8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-352 Cross-Site Request Forgery (CSRF)"}]}]}, "references": {"reference_data": [{"name": "https://www.krcert.or.kr/krcert/secNoticeView.do?bulletin_writing_sequence=66877", "refsource": "MISC", "url": "https://www.krcert.or.kr/krcert/secNoticeView.do?bulletin_writing_sequence=66877"}]}, "source": {"discovery": "UNKNOWN"}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T03:51:46.056Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://www.krcert.or.kr/krcert/secNoticeView.do?bulletin_writing_sequence=66877"}]}]}, "cveMetadata": {"assignerOrgId": "cdd7a122-0fae-4202-8d86-14efbacc2863", "assignerShortName": "krcert", "cveId": "CVE-2022-23765", "datePublished": "2022-08-17T20:24:23", "dateReserved": "2022-01-19T00:00:00", "dateUpdated": "2024-08-03T03:51:46.056Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:iptime:nas1dual_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "90965263-2D84-4742-B60E-0A6738D9F329", "versionEndExcluding": "1.4.86", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:iptime:nas1dual:-:*:*:*:*:*:*:*", "matchCriteriaId": "2ACEC464-70B3-452B-A1A3-594C697E3AB3", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:iptime:nas2dual_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "C67D4CA9-5991-4E37-B3E4-F39A49E949E8", "versionEndExcluding": "1.4.86", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:iptime:nas2dual:-:*:*:*:*:*:*:*", "matchCriteriaId": "271D21D5-A55E-4D4F-8473-5A7A67573DEA", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:iptime:nas4dual_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "D302186C-3FF6-49F2-9622-ED3FB06F9EE1", "versionEndExcluding": "1.4.86", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:iptime:nas4dual:-:*:*:*:*:*:*:*", "matchCriteriaId": "0429CC1A-B95C-4FB0-90D6-D6CAD8E1CC14", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "This vulnerability occured by sending a malicious POST request to a specific page while logged in random user from some family of IPTIME NAS. Remote attackers can steal root privileges by changing the password of the root through a POST request."}, {"lang": "es", "value": "Esta vulnerabilidad es producida al enviar una petici\u00f3n POST maliciosa a una p\u00e1gina espec\u00edfica mientras ha sido iniciada una sesi\u00f3n con un usuario aleatorio de alguna familia de IPTIME NAS. Los atacantes remotos pueden robar privilegios de root al cambiar la contrase\u00f1a del mismo mediante una petici\u00f3n POST."}], "id": "CVE-2022-23765", "lastModified": "2022-08-19T17:53:07.217", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.0, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.1, "impactScore": 5.9, "source": "vuln@krcert.or.kr", "type": "Secondary"}]}, "published": "2022-08-17T21:15:08.907", "references": [{"source": "vuln@krcert.or.kr", "tags": ["Third Party Advisory"], "url": "https://www.krcert.or.kr/krcert/secNoticeView.do?bulletin_writing_sequence=66877"}], "sourceIdentifier": "vuln@krcert.or.kr", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-352"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-352"}], "source": "vuln@krcert.or.kr", "type": "Secondary"}]}