CVE-2022-50800 - Vulnerability Details

H3C SSL VPN contains a user enumeration vulnerability that allows attackers to identify valid usernames through the 'txtUsrName' POST parameter. Attackers can submit different usernames to the login_submit.cgi endpoint and analyze response messages to distinguish between existing and non-existing accounts.

Attack Vector Network

Attack Complexity Low

Privileges Required None

Attack Requirements None

User Interaction None

Vulnerable System Confidentiality Impact Low

Vulnerable System Integrity Impact None

Vulnerable System Availability Impact None

Subsequent System Confidentiality Impact None

Subsequent System Integrity Impact None

Subsequent System Availability Impact None

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

No EPSS score available.

Key SSVC decision points have not yet been added.

No data.

Advisories

No advisories yet.

Fixes

Solution

No solution given by the vendor.

Workaround

No workaround given by the vendor.

References

Link	Providers
https://www.exploit-db.com/exploits/50742
https://www.h3c.com
https://www.vulncheck.com/advisories/hc-ssl-vpn-na-username-enumeration-via-login-script-credential-verification
https://www.zeroscience.mk/en/vulnerabilities/ZSL-2022-5697.php

History

Tue, 30 Dec 2025 23:00:00 +0000

Type	Values Removed	Values Added
Description		H3C SSL VPN contains a user enumeration vulnerability that allows attackers to identify valid usernames through the 'txtUsrName' POST parameter. Attackers can submit different usernames to the login_submit.cgi endpoint and analyze response messages to distinguish between existing and non-existing accounts.
Title		H3C SSL VPN n/a Username Enumeration via Login Script Credential Verification
Weaknesses		CWE-203
References		https://www.exploit-db.com/exploits/50742 https://www.h3c.com https://www.vulncheck.com/advisories/hc-ssl-vpn-na-username-enumeration-via-login-script-credential-verification https://www.zeroscience.mk/en/vulnerabilities/ZSL-2022-5697.php
Metrics		cvssV3_1 `{'score': 7.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N'}` cvssV4_0 `{'score': 6.9, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N'}`

Projects

Sign in to view the affected projects.

MITRE

Status: PUBLISHED

Assigner: VulnCheck

Published: 2025-12-30T22:41:40.801Z

Updated: 2025-12-30T22:41:40.801Z

Reserved: 2025-12-27T13:53:29.754Z

Link: CVE-2022-50800

Vulnrichment

No data.

NVD

Status : Received

Published: 2025-12-30T23:15:47.273

Modified: 2025-12-30T23:15:47.273

Link: CVE-2022-50800

Redhat

No data.

OpenCVE Enrichment

No data.

Weaknesses

CWE-203

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required None

Attack Requirements None

User Interaction None

Vulnerable System Confidentiality Impact Low

Vulnerable System Integrity Impact None

Vulnerable System Availability Impact None

Subsequent System Confidentiality Impact None

Subsequent System Integrity Impact None

Subsequent System Availability Impact None

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction None

Affected Vendors & Products

Projects

JSON object

JSON object

JSON object

JSON object

JSON object