CVE-2022-45778 - OpenCVE

https://www.hillstonenet.com.cn/ Hillstone Firewall SG-6000 <= 5.0.4.0 is vulnerable to Incorrect Access Control. There is a permission bypass vulnerability in the Hillstone WEB application firewall. An attacker can enter the background of the firewall with super administrator privileges through a configuration error in report.m.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Hillstonenet	Sc-6000-wv02 Sc-6000-wv02 Firmware Sc-6000-wv04 Sc-6000-wv04 Firmware Sc-6000-wv08 Sc-6000-wv08 Firmware Sc-6000-wv12 Sc-6000-wv12 Firmware

Configuration 1 [-]

AND

cpe:2.3:o:hillstonenet:sc-6000-wv02_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:hillstonenet:sc-6000-wv02:-:*:*:*:*:*:*:*

Configuration 2 [-]

AND

cpe:2.3:o:hillstonenet:sc-6000-wv04_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:hillstonenet:sc-6000-wv04:-:*:*:*:*:*:*:*

Configuration 3 [-]

AND

cpe:2.3:o:hillstonenet:sc-6000-wv08_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:hillstonenet:sc-6000-wv08:-:*:*:*:*:*:*:*

Configuration 4 [-]

AND

cpe:2.3:o:hillstonenet:sc-6000-wv12_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:hillstonenet:sc-6000-wv12:-:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://gist.github.com/yinfei6/6ffff06db3f7d4c24de2f784c0db10df

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2022-12-27T00:00:00

Updated: 2024-08-03T14:17:04.170Z

Reserved: 2022-11-21T00:00:00

Link: CVE-2022-45778

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2022-12-27T22:15:14.880

Modified: 2023-08-08T14:21:49.707

Link: CVE-2022-45778

Redhat

No data.

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:hillstonenet:sc-6000-wv02_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "C8AFFD44-DC56-4807-809F-1C87986DB9B3", "versionEndIncluding": "5.0.4.0", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:hillstonenet:sc-6000-wv02:-:*:*:*:*:*:*:*", "matchCriteriaId": "3D17353A-7A6C-4AA2-8B72-63DA5A8F3DFD", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:hillstonenet:sc-6000-wv04_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "CE5501A2-FC15-4B25-8D7C-750D935410B2", "versionEndIncluding": "5.0.4.0", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:hillstonenet:sc-6000-wv04:-:*:*:*:*:*:*:*", "matchCriteriaId": "08DE2243-8111-4E8B-8A7A-F6D74C41C99A", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:hillstonenet:sc-6000-wv08_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "AFEDD085-0FBD-4947-99F6-3CD5448AEC06", "versionEndIncluding": "5.0.4.0", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:hillstonenet:sc-6000-wv08:-:*:*:*:*:*:*:*", "matchCriteriaId": "6F275043-11DA-4065-B1D6-A91526F38748", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:hillstonenet:sc-6000-wv12_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "4F1A59B9-8C07-4D7A-AB11-A72A2E173C22", "versionEndIncluding": "5.0.4.0", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:hillstonenet:sc-6000-wv12:-:*:*:*:*:*:*:*", "matchCriteriaId": "06E3EC96-B253-4310-9E75-93AC09BCCE48", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "https://www.hillstonenet.com.cn/ Hillstone Firewall SG-6000 <= 5.0.4.0 is vulnerable to Incorrect Access Control. There is a permission bypass vulnerability in the Hillstone WEB application firewall. An attacker can enter the background of the firewall with super administrator privileges through a configuration error in report.m."}, {"lang": "es", "value": "https://www.hillstonenet.com.cn/ Hillstone Firewall SG-6000 <= 5.0.4.0 es vulnerable a un control de acceso incorrecto. Existe una vulnerabilidad de omisi\u00f3n de permisos en el firewall de la aplicaci\u00f3n WEB de Hillstone. Un atacante puede ingresar al fondo del firewall con privilegios de superadministrador a trav\u00e9s de un error de configuraci\u00f3n en report.m."}], "id": "CVE-2022-45778", "lastModified": "2023-08-08T14:21:49.707", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2022-12-27T22:15:14.880", "references": [{"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://gist.github.com/yinfei6/6ffff06db3f7d4c24de2f784c0db10df"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}], "source": "nvd@nist.gov", "type": "Primary"}]}