{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "descriptions": [{"lang": "en", "value": "libnx_apl.so on Nexans FTTO GigaSwitch before 6.02N and 7.x before 7.02 implements a Backdoor Account for SSH logins on port 50200 or 50201."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2022-07-17T22:48:58", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://www.nexans.de/de/products/Data-Network-Solutions/Industrial-and-office-switches.html"}, {"tags": ["x_refsource_MISC"], "url": "https://sec-consult.com/vulnerability-lab/advisory/hardcoded-backdoor-user-outdated-software-components-nexans-ftto-gigaswitch/"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2022-32985", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "libnx_apl.so on Nexans FTTO GigaSwitch before 6.02N and 7.x before 7.02 implements a Backdoor Account for SSH logins on port 50200 or 50201."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "https://www.nexans.de/de/products/Data-Network-Solutions/Industrial-and-office-switches.html", "refsource": "MISC", "url": "https://www.nexans.de/de/products/Data-Network-Solutions/Industrial-and-office-switches.html"}, {"name": "https://sec-consult.com/vulnerability-lab/advisory/hardcoded-backdoor-user-outdated-software-components-nexans-ftto-gigaswitch/", "refsource": "MISC", "url": "https://sec-consult.com/vulnerability-lab/advisory/hardcoded-backdoor-user-outdated-software-components-nexans-ftto-gigaswitch/"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T07:54:03.446Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://www.nexans.de/de/products/Data-Network-Solutions/Industrial-and-office-switches.html"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://sec-consult.com/vulnerability-lab/advisory/hardcoded-backdoor-user-outdated-software-components-nexans-ftto-gigaswitch/"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2022-32985", "datePublished": "2022-07-17T22:48:58", "dateReserved": "2022-06-10T00:00:00", "dateUpdated": "2024-08-03T07:54:03.446Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:nexans:gigaswitch_641_desk_v5_sfp-vi_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "F130901E-4D8F-4036-BB59-78A5A09A4B38", "versionEndExcluding": "6.02n", "vulnerable": true}, {"criteria": "cpe:2.3:o:nexans:gigaswitch_641_desk_v5_sfp-vi_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "5FBE97B6-6B70-4F20-B4E2-984872B9851F", "versionEndExcluding": "7.02", "versionStartIncluding": "7.0", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:nexans:gigaswitch_641_desk_v5_sfp-vi:-:*:*:*:*:*:*:*", "matchCriteriaId": "01E53A0B-FDEF-4AB5-AFC8-E32F5FDF7E1A", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:nexans:gigaswitch_642_desk_v5_sfp-2vi_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "DCAB8644-7C58-4447-B9CF-F89114CF09FF", "versionEndExcluding": "6.02n", "vulnerable": true}, {"criteria": "cpe:2.3:o:nexans:gigaswitch_642_desk_v5_sfp-2vi_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "E6D07D42-0290-437F-AC78-B601B793DE42", "versionEndExcluding": "7.02", "versionStartIncluding": "7.0", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:nexans:gigaswitch_642_desk_v5_sfp-2vi:-:*:*:*:*:*:*:*", "matchCriteriaId": "6AE029D9-A834-4F8E-9D31-2995CD662A30", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:nexans:gigaswitch_v5_2tp\\(pd-f\\+\\)_sfp-vi_54vdc_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "FD36F20F-657B-40B9-A0BE-BC618925DD03", "versionEndExcluding": "6.02n", "vulnerable": true}, {"criteria": "cpe:2.3:o:nexans:gigaswitch_v5_2tp\\(pd-f\\+\\)_sfp-vi_54vdc_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "1B4FEBD1-5DF2-4A41-97DB-6D1BDF7F6C7B", "versionEndExcluding": "7.02", "versionStartIncluding": "7.0", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:nexans:gigaswitch_v5_2tp\\(pd-f\\+\\)_sfp-vi_54vdc:-:*:*:*:*:*:*:*", "matchCriteriaId": "26DC7E05-780F-4619-B9CA-791F8A800CB5", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:nexans:gigaswitch_v5_2tp\\(pse\\+\\)_sfp-vi_54vdc_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "3A06836D-0277-42FB-89A7-F447A8965949", "versionEndExcluding": "6.02n", "vulnerable": true}, {"criteria": "cpe:2.3:o:nexans:gigaswitch_v5_2tp\\(pse\\+\\)_sfp-vi_54vdc_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "3E9D8E02-2F9B-4162-AA10-5DDF737E2917", "versionEndExcluding": "7.02", "versionStartIncluding": "7.0", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:nexans:gigaswitch_v5_2tp\\(pse\\+\\)_sfp-vi_54vdc:-:*:*:*:*:*:*:*", "matchCriteriaId": "2EC7A7E6-8372-4524-A670-D25F72DC2136", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:nexans:gigaswitch_v5_2tp_sfp-vi_54vdc_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "FA8E1089-06DF-4037-A64A-62605B85BAAB", "versionEndExcluding": "6.02n", "vulnerable": true}, {"criteria": "cpe:2.3:o:nexans:gigaswitch_v5_2tp_sfp-vi_54vdc_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "8307E535-1C06-4F95-B5C0-E05607EC40CB", "versionEndExcluding": "7.02", "versionStartIncluding": "7.0", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:nexans:gigaswitch_v5_2tp_sfp-vi_54vdc:-:*:*:*:*:*:*:*", "matchCriteriaId": "D2505199-CA23-4240-AB85-61A871D61A57", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:nexans:gigaswitch_v5_sfp-2vi_230vac_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "254E133B-73D6-44F5-80FF-42292F0DC2E2", "versionEndExcluding": "6.02n", "vulnerable": true}, {"criteria": "cpe:2.3:o:nexans:gigaswitch_v5_sfp-2vi_230vac_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "07DC03AC-D4AC-472D-9AFB-6EB88762FC5A", "versionEndExcluding": "7.02", "versionStartIncluding": "7.0", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:nexans:gigaswitch_v5_sfp-2vi_230vac:-:*:*:*:*:*:*:*", "matchCriteriaId": "1597D8F8-7997-4CFE-AA01-F973894745C6", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:nexans:gigaswitch_v5_tp\\(pse\\+\\)_sfp-2vi_54vdc_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "378B152F-C30A-4CE2-927E-B6568BB319C7", "versionEndExcluding": "6.02n", "vulnerable": true}, {"criteria": "cpe:2.3:o:nexans:gigaswitch_v5_tp\\(pse\\+\\)_sfp-2vi_54vdc_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "A7ED3A23-42FF-46E7-86A5-449E86126F2D", "versionEndExcluding": "7.02", "versionStartIncluding": "7.0", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:nexans:gigaswitch_v5_tp\\(pse\\+\\)_sfp-2vi_54vdc:-:*:*:*:*:*:*:*", "matchCriteriaId": "DBDD9F34-59FB-48B1-A7AB-CA4149BFF294", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:nexans:gigaswitch_v5_tp\\(pse\\+\\)_sfp-2vi_54vdc_ind_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "399951C7-0507-4A6A-93BB-E395B30C20F9", "versionEndExcluding": "6.02n", "vulnerable": true}, {"criteria": "cpe:2.3:o:nexans:gigaswitch_v5_tp\\(pse\\+\\)_sfp-2vi_54vdc_ind_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "AC63EDA8-7F04-4BB1-B697-7393F7A95BCC", "versionEndExcluding": "7.02", "versionStartIncluding": "7.0", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:nexans:gigaswitch_v5_tp\\(pse\\+\\)_sfp-2vi_54vdc_ind:-:*:*:*:*:*:*:*", "matchCriteriaId": "A366AC40-7F7C-473D-9CC2-CED9768BDA3D", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:nexans:gigaswitch_v5_tp\\(pse\\+\\)_sfp-2vi_54vdc_med_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "2EA2A765-1CE5-4C18-A32F-B02FDCBAF93B", "versionEndExcluding": "6.02n", "vulnerable": true}, {"criteria": "cpe:2.3:o:nexans:gigaswitch_v5_tp\\(pse\\+\\)_sfp-2vi_54vdc_med_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "3E813952-F099-46D3-B042-5C3099745EF4", "versionEndExcluding": "7.02", "versionStartIncluding": "7.0", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:nexans:gigaswitch_v5_tp\\(pse\\+\\)_sfp-2vi_54vdc_med:-:*:*:*:*:*:*:*", "matchCriteriaId": "23ED5429-62BF-442D-A99A-B98EA8AFF063", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:nexans:gigaswitch_v5_tp_sfp-2vi_54vdc_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "B490CF52-7C24-4D21-9451-AB85C3BEC82B", "versionEndExcluding": "6.02n", "vulnerable": true}, {"criteria": "cpe:2.3:o:nexans:gigaswitch_v5_tp_sfp-2vi_54vdc_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "03163410-20A5-45CB-BBF4-D7ED19AB452F", "versionEndExcluding": "7.02", "versionStartIncluding": "7.0", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:nexans:gigaswitch_v5_tp_sfp-2vi_54vdc:-:*:*:*:*:*:*:*", "matchCriteriaId": "33EB6A88-9015-4F2D-A820-E982016B3F9F", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:nexans:gigaswitch_v5_tp_sfp-2vi_54vdc_ind_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "4CD0607F-8124-4478-A550-6E19C8CA2948", "versionEndExcluding": "6.02n", "vulnerable": true}, {"criteria": "cpe:2.3:o:nexans:gigaswitch_v5_tp_sfp-2vi_54vdc_ind_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "4B00F440-6229-4C48-89FA-F32CCEB16877", "versionEndExcluding": "7.02", "versionStartIncluding": "7.0", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:nexans:gigaswitch_v5_tp_sfp-2vi_54vdc_ind:-:*:*:*:*:*:*:*", "matchCriteriaId": "59BFE60D-A94C-4C86-9D60-FED3694CCE1B", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:nexans:gigaswitch_v5_tp_sfp-2vi_54vdc_med_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "3B6720C6-3BFA-4990-B285-F3B56C452274", "versionEndExcluding": "6.02n", "vulnerable": true}, {"criteria": "cpe:2.3:o:nexans:gigaswitch_v5_tp_sfp-2vi_54vdc_med_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "1795910D-46E2-44E9-AA4A-4C5F8B85079A", "versionEndExcluding": "7.02", "versionStartIncluding": "7.0", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:nexans:gigaswitch_v5_tp_sfp-2vi_54vdc_med:-:*:*:*:*:*:*:*", "matchCriteriaId": "1A723AEC-BD82-437D-B35E-E15F440A56E6", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:nexans:gigaswitch_v5_tp_sfp-vi_230vac_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "EBE47298-6058-4086-BD59-B5AC3115029D", "versionEndExcluding": "6.02n", "vulnerable": true}, {"criteria": "cpe:2.3:o:nexans:gigaswitch_v5_tp_sfp-vi_230vac_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "F7B4CA67-58AB-4B69-A80C-4C828D0D8D4D", "versionEndExcluding": "7.02", "versionStartIncluding": "7.0", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:nexans:gigaswitch_v5_tp_sfp-vi_230vac:-:*:*:*:*:*:*:*", "matchCriteriaId": "98ACC6A5-5030-40DA-8D0E-C0AFF94D3748", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "libnx_apl.so on Nexans FTTO GigaSwitch before 6.02N and 7.x before 7.02 implements a Backdoor Account for SSH logins on port 50200 or 50201."}, {"lang": "es", "value": "El archivo libnx_apl.so en Nexans FTTO GigaSwitch versiones anteriores a 6.02N y versiones 7.x anteriores a 7.02, implementa una cuenta de puerta trasera para los inicios de sesi\u00f3n SSH en el puerto 50200 o 50201"}], "id": "CVE-2022-32985", "lastModified": "2024-11-21T07:07:21.563", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2022-07-17T23:15:09.060", "references": [{"source": "cve@mitre.org", "tags": ["Exploit", "Third Party Advisory"], "url": "https://sec-consult.com/vulnerability-lab/advisory/hardcoded-backdoor-user-outdated-software-components-nexans-ftto-gigaswitch/"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "https://www.nexans.de/de/products/Data-Network-Solutions/Industrial-and-office-switches.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Third Party Advisory"], "url": "https://sec-consult.com/vulnerability-lab/advisory/hardcoded-backdoor-user-outdated-software-components-nexans-ftto-gigaswitch/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://www.nexans.de/de/products/Data-Network-Solutions/Industrial-and-office-switches.html"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-798"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}

{}