CVE-2022-48615 - OpenCVE

An improper access control vulnerability exists in a Huawei datacom product. Attackers can exploit this vulnerability to obtain partial device information.

No CVSS v4.0

Attack Vector Adjacent Network

Attack Complexity High

Privileges Required High

Scope Unchanged

Confidentiality Impact Low

Integrity Impact High

Availability Impact None

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Huawei	Ar617vw Ar617vw Firmware

Configuration 1 [-]

AND

cpe:2.3:h:huawei:ar617vw:-:*:*:*:*:*:*:*

cpe:2.3:o:huawei:ar617vw_firmware:v300r21c00spc200:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://wr3nchsr.github.io/huawei-netengine-ar617vw-auth-root-rce/

History

No history.

MITRE

Status: PUBLISHED

Assigner: huawei

Published: 2023-12-12T07:23:07.711Z

Updated: 2024-08-03T15:17:55.529Z

Reserved: 2023-12-12T01:06:56.006Z

Link: CVE-2022-48615

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2023-12-12T08:15:06.937

Modified: 2023-12-15T15:02:28.517

Link: CVE-2022-48615

Redhat

No data.

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:h:huawei:ar617vw:-:*:*:*:*:*:*:*", "matchCriteriaId": "B5DE91A7-9567-4086-90FC-E13214E61FA6", "vulnerable": false}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:o:huawei:ar617vw_firmware:v300r21c00spc200:*:*:*:*:*:*:*", "matchCriteriaId": "3DE4F691-FB18-4844-89A3-D8618650CC8E", "vulnerable": true}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "An improper access control vulnerability exists in a Huawei datacom product. Attackers can exploit this vulnerability to obtain partial device information."}, {"lang": "es", "value": "Existe una vulnerabilidad de control de acceso inadecuado en un producto de comunicaci\u00f3n de datos de Huawei. Los atacantes pueden aprovechar esta vulnerabilidad para obtener informaci\u00f3n parcial del dispositivo."}], "id": "CVE-2022-48615", "lastModified": "2023-12-15T15:02:28.517", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.1, "baseSeverity": "HIGH", "confidentialityImpact": "LOW", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 4.2, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "HIGH", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "NONE", "baseScore": 4.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:H/PR:H/UI:N/S:U/C:L/I:H/A:N", "version": "3.1"}, "exploitabilityScore": 0.5, "impactScore": 4.2, "source": "psirt@huawei.com", "type": "Secondary"}]}, "published": "2023-12-12T08:15:06.937", "references": [{"source": "psirt@huawei.com", "tags": ["Exploit", "Third Party Advisory"], "url": "https://wr3nchsr.github.io/huawei-netengine-ar617vw-auth-root-rce/"}], "sourceIdentifier": "psirt@huawei.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-284"}], "source": "psirt@huawei.com", "type": "Secondary"}]}