CVE-2022-25785 | ByteOS Network

Vulnerability Details :

CVE-2022-25785

Assigner-Secomea

Assigner Org ID-f2815942-3388-4c08-ba09-6c15850fda90

Published At-04 May, 2022 | 13:57

Updated At-03 Aug, 2024 | 04:49

Buffer overrun

Stack-based Buffer Overflow vulnerability in SiteManager allows logged-in or local user to cause arbitrary code execution. This issue affects: Secomea SiteManager all versions prior to 9.7.

EPSS History

Score

Latest Score

-

N/A

Percentile

Latest Percentile

-

N/A

▼Common Vulnerabilities and Exposures (CVE)

Assigner:Secomea

Assigner Org ID:f2815942-3388-4c08-ba09-6c15850fda90

Published At:04 May, 2022 | 13:57

Updated At:03 Aug, 2024 | 04:49

▼CVE Numbering Authority (CNA)

Buffer overrun

Stack-based Buffer Overflow vulnerability in SiteManager allows logged-in or local user to cause arbitrary code execution. This issue affects: Secomea SiteManager all versions prior to 9.7.

Affected Products

Vendor

Product

Versions

Affected

From all before 9.7 (custom)

Problem Types

Type	CWE ID	Description
CWE	CWE-121	CWE-121 Stack-based Buffer Overflow

Type: CWE

CWE ID: CWE-121

Description: CWE-121 Stack-based Buffer Overflow

Metrics

Version	Base score	Base severity	Vector
3.1	6.6	MEDIUM	CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H

Version: 3.1

Base score: 6.6

Base severity: MEDIUM

Vector:

CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H

References

Hyperlink	Resource
https://www.secomea.com/support/cybersecurity-advisory/	x_refsource_MISC

Hyperlink: https://www.secomea.com/support/cybersecurity-advisory/

Resource:

x_refsource_MISC

▼Authorized Data Publishers (ADP)

CVE Program Container

References

Hyperlink	Resource
https://www.secomea.com/support/cybersecurity-advisory/	x_refsource_MISC x_transferred

Hyperlink: https://www.secomea.com/support/cybersecurity-advisory/

Resource:

x_refsource_MISC

x_transferred

▼National Vulnerability Database (NVD)

Source:VulnerabilityReporting@secomea.com

Published At:04 May, 2022 | 14:15

Updated At:11 May, 2022 | 19:02

Stack-based Buffer Overflow vulnerability in SiteManager allows logged-in or local user to cause arbitrary code execution. This issue affects: Secomea SiteManager all versions prior to 9.7.

Metrics

Type	Version	Base score	Base severity	Vector
Primary	3.1	7.2	HIGH	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Secondary	3.1	6.6	MEDIUM	CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
Primary	2.0	6.5	MEDIUM	AV:N/AC:L/Au:S/C:P/I:P/A:P

Type: Primary

Version: 3.1

Base score: 7.2

Base severity: HIGH

Vector:

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Type: Secondary

Version: 3.1

Base score: 6.6

Base severity: MEDIUM

Vector:

CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H

Type: Primary

Version: 2.0

Base score: 6.5

Base severity: MEDIUM

Vector:

AV:N/AC:L/Au:S/C:P/I:P/A:P

CPE Matches

>>sitemanager_1129_firmware>>Versions before 9.7.622134021(exclusive)

cpe:2.3:o:secomea:sitemanager_1129_firmware:*:*:*:*:*:*:*:*

>>sitemanager_1129>>-

cpe:2.3:h:secomea:sitemanager_1129:-:*:*:*:*:*:*:*

>>sitemanager_1139_firmware>>Versions before 9.7.622134021(exclusive)

cpe:2.3:o:secomea:sitemanager_1139_firmware:*:*:*:*:*:*:*:*

>>sitemanager_1139>>-

cpe:2.3:h:secomea:sitemanager_1139:-:*:*:*:*:*:*:*

>>sitemanager_1149_firmware>>Versions before 9.7.622134021(exclusive)

cpe:2.3:o:secomea:sitemanager_1149_firmware:*:*:*:*:*:*:*:*

>>sitemanager_1149>>-

cpe:2.3:h:secomea:sitemanager_1149:-:*:*:*:*:*:*:*

>>sitemanager_3329_firmware>>Versions before 9.7.622134021(exclusive)

cpe:2.3:o:secomea:sitemanager_3329_firmware:*:*:*:*:*:*:*:*

>>sitemanager_3329>>-

cpe:2.3:h:secomea:sitemanager_3329:-:*:*:*:*:*:*:*

>>sitemanager_3339_firmware>>Versions before 9.7.622134021(exclusive)

cpe:2.3:o:secomea:sitemanager_3339_firmware:*:*:*:*:*:*:*:*

>>sitemanager_3339>>-

cpe:2.3:h:secomea:sitemanager_3339:-:*:*:*:*:*:*:*

>>sitemanager_3349_firmware>>Versions before 9.7.622134021(exclusive)

cpe:2.3:o:secomea:sitemanager_3349_firmware:*:*:*:*:*:*:*:*

>>sitemanager_3349>>-

cpe:2.3:h:secomea:sitemanager_3349:-:*:*:*:*:*:*:*

>>sitemanager_3529_firmware>>Versions before 9.7.622134021(exclusive)

cpe:2.3:o:secomea:sitemanager_3529_firmware:*:*:*:*:*:*:*:*

>>sitemanager_3529>>-

cpe:2.3:h:secomea:sitemanager_3529:-:*:*:*:*:*:*:*

>>sitemanager_3539_firmware>>Versions before 9.7.622134021(exclusive)

cpe:2.3:o:secomea:sitemanager_3539_firmware:*:*:*:*:*:*:*:*

>>sitemanager_3539>>-

cpe:2.3:h:secomea:sitemanager_3539:-:*:*:*:*:*:*:*

>>sitemanager_3549_firmware>>Versions before 9.7.622134021(exclusive)

cpe:2.3:o:secomea:sitemanager_3549_firmware:*:*:*:*:*:*:*:*

>>sitemanager_3549>>-

cpe:2.3:h:secomea:sitemanager_3549:-:*:*:*:*:*:*:*

Weaknesses

CWE ID	Type	Source
CWE-787	Primary	nvd@nist.gov
CWE-121	Secondary	VulnerabilityReporting@secomea.com

CWE ID: CWE-787

Type: Primary

Source: nvd@nist.gov

CWE ID: CWE-121

Type: Secondary

Source: VulnerabilityReporting@secomea.com

References

Hyperlink	Source	Resource
https://www.secomea.com/support/cybersecurity-advisory/	VulnerabilityReporting@secomea.com	Vendor Advisory

Hyperlink: https://www.secomea.com/support/cybersecurity-advisory/

Source: VulnerabilityReporting@secomea.com

Resource:

Vendor Advisory