CVE-2022-27179

Published Apr 20, 2022

Last updated 3 years ago

Overview

Description
A malicious actor having access to the exported configuration file may obtain the stored credentials and thereby gain access to the protected resource. If the same passwords were used for other resources, further such assets may be compromised.
Source
ics-cert@hq.dhs.gov
NVD status
Analyzed

Risk scores

CVSS 3.1

Type
Primary
Base score
6.5
Impact score
3.6
Exploitability score
2.8
Vector string
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Severity
MEDIUM

CVSS 2.0

Type
Primary
Base score
4
Impact score
2.9
Exploitability score
8
Vector string
AV:N/AC:L/Au:S/C:P/I:N/A:N

Weaknesses

ics-cert@hq.dhs.gov
CWE-522

Social media

Hype score
Not currently trending

Configurations