CVE-2022-41985 - OpenCVE

An authentication bypass vulnerability exists in the Authentication functionality of Weston Embedded uC-FTPs v 1.98.00. A specially crafted set of network packets can lead to authentication bypass and denial of service. An attacker can send a sequence of unauthenticated packets to trigger this vulnerability.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Changed

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Weston-embedded	Uc-ftps

Configuration 1 [-]

cpe:2.3:a:weston-embedded:uc-ftps:1.98.00:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://github.com/weston-embedded/uC-FTPs/pull/1
https://talosintelligence.com/vulnerability_reports/TALOS-2022-1680

History

No history.

MITRE

Status: PUBLISHED

Assigner: talos

Published: 2023-05-10T15:23:52.853Z

Updated: 2024-08-03T12:56:39.171Z

Reserved: 2022-11-29T19:21:47.374Z

Link: CVE-2022-41985

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2023-05-10T16:15:09.400

Modified: 2023-05-18T21:23:44.783

Link: CVE-2022-41985

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2022-41985", "assignerOrgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b", "state": "PUBLISHED", "assignerShortName": "talos", "dateReserved": "2022-11-29T19:21:47.374Z", "datePublished": "2023-05-10T15:23:52.853Z", "dateUpdated": "2024-08-03T12:56:39.171Z"}, "containers": {"cna": {"affected": [{"vendor": "Weston Embedded", "product": "uC-FTPs", "versions": [{"version": "v 1.98.00", "status": "affected"}]}], "descriptions": [{"lang": "en", "value": "An authentication bypass vulnerability exists in the Authentication functionality of Weston Embedded uC-FTPs v 1.98.00. A specially crafted set of network packets can lead to authentication bypass and denial of service. An attacker can send a sequence of unauthenticated packets to trigger this vulnerability."}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "CWE-303: Incorrect Implementation of Authentication Algorithm", "type": "CWE", "cweId": "CWE-303"}]}], "metrics": [{"cvssV3_1": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "CHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "HIGH", "baseScore": 8.6, "baseSeverity": "HIGH"}}], "providerMetadata": {"orgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b", "shortName": "talos", "dateUpdated": "2023-05-10T17:00:05.769Z"}, "references": [{"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2022-1680", "name": "https://talosintelligence.com/vulnerability_reports/TALOS-2022-1680"}, {"url": "https://github.com/weston-embedded/uC-FTPs/pull/1", "name": "https://github.com/weston-embedded/uC-FTPs/pull/1"}], "credits": [{"lang": "en", "value": "Discovered by Kelly Leuschner of Cisco Talos."}]}, "adp": [{"title": "CVE Program Container", "references": [{"url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2022-1680"}, {"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2022-1680", "name": "https://talosintelligence.com/vulnerability_reports/TALOS-2022-1680", "tags": ["x_transferred"]}, {"url": "https://github.com/weston-embedded/uC-FTPs/pull/1", "name": "https://github.com/weston-embedded/uC-FTPs/pull/1", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T12:56:39.171Z"}}]}}