OpenCVE

An improper access validation vulnerability exists in airMAX AC <8.7.11, airFiber 60/LR <2.6.2, airFiber 60 XG/HD <v1.0.0 and airFiber GBE <1.4.1 that allows a malicious actor to retrieve status and usage data from the UISP device.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact Low

Integrity Impact None

Availability Impact None

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Ui	Airfiber 60 Airfiber 60-hd Airfiber 60-hd Firmware Airfiber 60-lr Airfiber 60-lr Firmware Airfiber 60-xg Airfiber 60-xg Firmware Airfiber 60 Firmware Airfiber Gigabeam Airfiber Gigabeam Firmware Airmax Ac Airmax Ac Firmware

Configuration 1 [-]

AND

cpe:2.3:o:ui:airfiber_gigabeam_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:ui:airfiber_gigabeam:-:*:*:*:*:*:*:*

Configuration 2 [-]

AND

cpe:2.3:o:ui:airfiber_60-xg_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:ui:airfiber_60-xg:-:*:*:*:*:*:*:*

Configuration 3 [-]

AND

cpe:2.3:o:ui:airfiber_60-hd_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:ui:airfiber_60-hd:-:*:*:*:*:*:*:*

Configuration 4 [-]

AND

cpe:2.3:o:ui:airfiber_60-lr_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:ui:airfiber_60-lr:-:*:*:*:*:*:*:*

Configuration 5 [-]

AND

cpe:2.3:o:ui:airmax_ac_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:ui:airmax_ac:-:*:*:*:*:*:*:*

Configuration 6 [-]

AND

cpe:2.3:o:ui:airfiber_60_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:ui:airfiber_60:-:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://community.ui.com/releases/Security-Advisory-Bulletin-027-027/123e4577-9f00-4777-abe1-64a1d56fee05

History

No history.

MITRE

Status: PUBLISHED

Assigner: hackerone

Published: 2022-12-23T00:00:00

Updated: 2024-08-03T13:54:03.925Z

Reserved: 2022-11-01T00:00:00

Link: CVE-2022-44565

Vulnrichment

No data.

NVD

Status : Modified

Published: 2022-12-23T15:15:15.847

Modified: 2024-11-21T07:28:08.407

Link: CVE-2022-44565

Redhat

No data.

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:ui:airfiber_gigabeam_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "0510CBD3-ECAB-4EAE-B813-A365EE2427CF", "versionEndExcluding": "1.4.1", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:ui:airfiber_gigabeam:-:*:*:*:*:*:*:*", "matchCriteriaId": "27162356-52BC-4F91-B621-090FD2146BAD", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:ui:airfiber_60-xg_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "0D9186FA-50AA-441F-9046-B3BD3414119F", "versionEndExcluding": "1.0.0", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:ui:airfiber_60-xg:-:*:*:*:*:*:*:*", "matchCriteriaId": "D617F313-DFC0-4B0B-837B-52A2F99B7D35", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:ui:airfiber_60-hd_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "CD966B48-6F6E-4BED-B85B-700B8EA5037E", "versionEndExcluding": "1.0.0", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:ui:airfiber_60-hd:-:*:*:*:*:*:*:*", "matchCriteriaId": "AF242E77-8776-431E-8140-CCBD0113F9EB", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:ui:airfiber_60-lr_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "FB9E8D61-70F7-44E3-ACB7-2F114B221669", "versionEndExcluding": "2.6.2", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:ui:airfiber_60-lr:-:*:*:*:*:*:*:*", "matchCriteriaId": "C6A02180-9B12-4DF6-89FB-B6223CEDDFA7", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:ui:airmax_ac_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "CFEA6FA8-7BEE-4DF2-9F7E-B761F6FB0F0F", "versionEndExcluding": "8.7.11", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:ui:airmax_ac:-:*:*:*:*:*:*:*", "matchCriteriaId": "D7522076-32AA-4C46-A383-55496EB8E403", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:ui:airfiber_60_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "4E17A9B8-9B06-4F94-A72D-5D1090092519", "versionEndExcluding": "2.6.2", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:ui:airfiber_60:-:*:*:*:*:*:*:*", "matchCriteriaId": "E1DC32EA-21B5-444A-8EC1-7B4AB564CB94", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "An improper access validation vulnerability exists in airMAX AC <8.7.11, airFiber 60/LR <2.6.2, airFiber 60 XG/HD <v1.0.0 and airFiber GBE <1.4.1 that allows a malicious actor to retrieve status and usage data from the UISP device."}, {"lang": "es", "value": "Existe una vulnerabilidad de validaci\u00f3n de acceso incorrecto en airMAX AC <8.7.11, airFiber 60/LR <2.6.2, airFiber 60 XG/HD"}], "id": "CVE-2022-44565", "lastModified": "2024-11-21T07:28:08.407", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2022-12-23T15:15:15.847", "references": [{"source": "support@hackerone.com", "tags": ["Patch", "Vendor Advisory"], "url": "https://community.ui.com/releases/Security-Advisory-Bulletin-027-027/123e4577-9f00-4777-abe1-64a1d56fee05"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Vendor Advisory"], "url": "https://community.ui.com/releases/Security-Advisory-Bulletin-027-027/123e4577-9f00-4777-abe1-64a1d56fee05"}], "sourceIdentifier": "support@hackerone.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-284"}], "source": "support@hackerone.com", "type": "Secondary"}, {"description": [{"lang": "en", "value": "NVD-CWE-Other"}], "source": "nvd@nist.gov", "type": "Primary"}]}