ByteOS Network

Vulnerability Details :

CVE-2022-45434

Assigner-dahua

Assigner Org ID-79ee569e-7d1e-4364-98f0-3a18e2a739ad

Published At-27 Dec, 2022 | 00:00

Updated At-14 Apr, 2025 | 12:59

Some Dahua software products have a vulnerability of unauthenticated un-throttled ICMP requests on remote DSS Server. After bypassing the firewall access control policy, by sending a specific crafted packet to the vulnerable interface, an attacker could exploit the victim server to launch ICMP request attack to the designated target host.

EPSS History

Score

Latest Score

N/A

Percentile

Latest Percentile

N/A

▼Common Vulnerabilities and Exposures (CVE)

cve.org

Assigner:dahua

Assigner Org ID:79ee569e-7d1e-4364-98f0-3a18e2a739ad

Published At:27 Dec, 2022 | 00:00

Updated At:14 Apr, 2025 | 12:59

▼CVE Numbering Authority (CNA)

Affected Products

Vendor

n/a

Product

DSS Professional, DSS Express, DHI-DSS7016D-S2/DHI-DSS7016DR-S2, DHI-DSS4004-S2

Versions

Affected

V8.0.2, V8.0.4, V8.1

Problem Types

Type	CWE ID	Description
text	N/A	Allocation of Resources Without Limits or Throttling

Type: text

CWE ID: N/A

Description: Allocation of Resources Without Limits or Throttling

References

Hyperlink	Resource
https://www.dahuasecurity.com/support/cybersecurity/details/1137	N/A

Hyperlink: https://www.dahuasecurity.com/support/cybersecurity/details/1137

Resource: N/A

▼Authorized Data Publishers (ADP)

1. CVE Program Container

References

Hyperlink	Resource
https://www.dahuasecurity.com/support/cybersecurity/details/1137	x_transferred

Hyperlink: https://www.dahuasecurity.com/support/cybersecurity/details/1137

Resource:

x_transferred

2. CISA ADP Vulnrichment

Problem Types

Type	CWE ID	Description
CWE	CWE-770	CWE-770 Allocation of Resources Without Limits or Throttling

Type: CWE

CWE ID: CWE-770

Description: CWE-770 Allocation of Resources Without Limits or Throttling

Metrics

Version	Base score	Base severity	Vector
3.1	5.9	MEDIUM	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

Version: 3.1

Base score: 5.9

Base severity: MEDIUM

Vector:

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

Metrics Other Info

▼National Vulnerability Database (NVD)

nvd.nist.gov

Source:cybersecurity@dahuatech.com

Published At:27 Dec, 2022 | 18:15

Updated At:14 Apr, 2025 | 13:15

Date Added	Due Date	Vulnerability Name	Required Action
	N/A

Metrics

Type	Version	Base score	Base severity	Vector
Primary	3.1	5.9	MEDIUM	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
Secondary	3.1	5.9	MEDIUM	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

Type: Primary

Version: 3.1

Base score: 5.9

Base severity: MEDIUM

Vector:

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

Type: Secondary

Version: 3.1

Base score: 5.9

Base severity: MEDIUM

Vector:

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE ID	Type	Source
NVD-CWE-noinfo	Primary	nvd@nist.gov
CWE-770	Secondary	134c704f-9b21-4f2e-91b3-4a467353bcc0

Hyperlink	Source	Resource
https://www.dahuasecurity.com/support/cybersecurity/details/1137	cybersecurity@dahuatech.com	Patch Vendor Advisory
https://www.dahuasecurity.com/support/cybersecurity/details/1137	af854a3a-2127-422b-91ae-364da2661108	Patch Vendor Advisory

CVE-2022-45434

Credits

Vendors

Products

Metrics (CVSS)

Weaknesses

Attack Patterns

Solution/Workaround

References

EPSS History

Score

Latest Score

N/A

Percentile

Latest Percentile

N/A

Stakeholder-Specific Vulnerability Categorization (SSVC)

Affected Products

Affected

Problem Types

Metrics

Metrics Other Info

Impacts

Solutions

Configurations

Workarounds

Exploits

Credits

Timeline

Replaced By

Rejected Reason

References

Affected Products

Metrics

Metrics Other Info

Impacts

Solutions

Configurations

Workarounds

Exploits

Credits

Timeline

Replaced By

Rejected Reason

References

Affected Products

Problem Types

Metrics

Metrics Other Info

Impacts

Solutions

Configurations

Workarounds

Exploits

Credits

Timeline

Replaced By

Rejected Reason

References

CISA Catalog

Metrics

CPE Matches

Weaknesses

Evaluator Description

Evaluator Impact

Evaluator Solution

Vendor Statements

References

Change History

Similar CVEs