CVE-2022-33202 - OpenCVE

Authentication bypass vulnerability in the setup screen of L2Blocker(on-premise) Ver4.8.5 and earlier and L2Blocker(Cloud) Ver4.8.5 and earlier allows an adjacent attacker to perform an unauthorized login and obtain the stored information or cause a malfunction of the device by using alternative paths or channels for Sensor.

No CVSS v4.0

Attack Vector Adjacent Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact None

User Interaction None

No CVSS v3.0

Access Vector Adjacent Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact None

AV:A/AC:L/Au:N/C:P/I:P/A:N

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Softcreate	L2blocker

Configuration 1 [-]

OR	cpe:2.3:a:softcreate:l2blocker:::::cloud:::*
	cpe:2.3:a:softcreate:l2blocker:::::on-premise:::*

No data.

References

Link	Providers
https://jvn.jp/en/jp/JVN51464799/index.html
https://www.softcreate.co.jp/news/detail/210

History

No history.

MITRE

Status: PUBLISHED

Assigner: jpcert

Published: 2022-06-27T00:20:25

Updated: 2024-08-03T08:01:20.169Z

Reserved: 2022-06-15T00:00:00

Link: CVE-2022-33202

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2022-06-27T01:15:07.340

Modified: 2022-07-07T14:07:06.300

Link: CVE-2022-33202

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "L2Blocker", "vendor": "SOFTCREATE CORP.", "versions": [{"status": "affected", "version": "L2Blocker(on-premise) Ver4.8.5 and earlier, and L2Blocker(Cloud) Ver4.8.5 and earlier"}]}], "descriptions": [{"lang": "en", "value": "Authentication bypass vulnerability in the setup screen of L2Blocker(on-premise) Ver4.8.5 and earlier and L2Blocker(Cloud) Ver4.8.5 and earlier allows an adjacent attacker to perform an unauthorized login and obtain the stored information or cause a malfunction of the device by using alternative paths or channels for Sensor."}], "problemTypes": [{"descriptions": [{"description": "Authentication bypass", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2022-06-27T00:20:25", "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce", "shortName": "jpcert"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://www.softcreate.co.jp/news/detail/210"}, {"tags": ["x_refsource_MISC"], "url": "https://jvn.jp/en/jp/JVN51464799/index.html"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "vultures@jpcert.or.jp", "ID": "CVE-2022-33202", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "L2Blocker", "version": {"version_data": [{"version_value": "L2Blocker(on-premise) Ver4.8.5 and earlier, and L2Blocker(Cloud) Ver4.8.5 and earlier"}]}}]}, "vendor_name": "SOFTCREATE CORP."}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Authentication bypass vulnerability in the setup screen of L2Blocker(on-premise) Ver4.8.5 and earlier and L2Blocker(Cloud) Ver4.8.5 and earlier allows an adjacent attacker to perform an unauthorized login and obtain the stored information or cause a malfunction of the device by using alternative paths or channels for Sensor."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "Authentication bypass"}]}]}, "references": {"reference_data": [{"name": "https://www.softcreate.co.jp/news/detail/210", "refsource": "MISC", "url": "https://www.softcreate.co.jp/news/detail/210"}, {"name": "https://jvn.jp/en/jp/JVN51464799/index.html", "refsource": "MISC", "url": "https://jvn.jp/en/jp/JVN51464799/index.html"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T08:01:20.169Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://www.softcreate.co.jp/news/detail/210"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://jvn.jp/en/jp/JVN51464799/index.html"}]}]}, "cveMetadata": {"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce", "assignerShortName": "jpcert", "cveId": "CVE-2022-33202", "datePublished": "2022-06-27T00:20:25", "dateReserved": "2022-06-15T00:00:00", "dateUpdated": "2024-08-03T08:01:20.169Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:softcreate:l2blocker:*:*:*:*:cloud:*:*:*", "matchCriteriaId": "77FDDA78-F607-4012-8ED6-8BC2D9F72ACC", "versionEndExcluding": "4.8.6", "vulnerable": true}, {"criteria": "cpe:2.3:a:softcreate:l2blocker:*:*:*:*:on-premise:*:*:*", "matchCriteriaId": "99E6A5D4-21D8-46BE-A563-C56D631A3172", "versionEndExcluding": "4.8.6", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Authentication bypass vulnerability in the setup screen of L2Blocker(on-premise) Ver4.8.5 and earlier and L2Blocker(Cloud) Ver4.8.5 and earlier allows an adjacent attacker to perform an unauthorized login and obtain the stored information or cause a malfunction of the device by using alternative paths or channels for Sensor."}, {"lang": "es", "value": "Una vulnerabilidad de evasi\u00f3n de autenticaci\u00f3n en la pantalla de configuraci\u00f3n de L2Blocker(on-premise) versiones Ver4.8.5 y anteriores y L2Blocker(Cloud) versiones Ver4.8.5 y anteriores, permite a un atacante adyacente llevar a cabo un inicio de sesi\u00f3n no autorizado y obtener la informaci\u00f3n almacenada o causar un mal funcionamiento del dispositivo mediante el uso de rutas o canales alternativos para el Sensor"}], "id": "CVE-2022-33202", "lastModified": "2022-07-07T14:07:06.300", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "ADJACENT_NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:A/AC:L/Au:N/C:P/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 6.5, "impactScore": 4.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "NONE", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.2, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2022-06-27T01:15:07.340", "references": [{"source": "vultures@jpcert.or.jp", "tags": ["Third Party Advisory"], "url": "https://jvn.jp/en/jp/JVN51464799/index.html"}, {"source": "vultures@jpcert.or.jp", "tags": ["Vendor Advisory"], "url": "https://www.softcreate.co.jp/news/detail/210"}], "sourceIdentifier": "vultures@jpcert.or.jp", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-287"}], "source": "nvd@nist.gov", "type": "Primary"}]}