CVE-2022-3010

The Priva TopControl Suite contains predictable credentials for the SSH service, based on the Serial number. Which makes it possible for an attacker to calculate the login credentials for the Priva TopControll suite.

CVSS v3 7.5 HIGH

7.5^/10

CVSS v3 : HIGH

Vector :

Exploitability : 3.9 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://csirt.divd.nl/CVE-2022-3010	Broken Link
https://csirt.divd.nl/DIVD-2022-00035	Broken Link
https://www.cisa.gov/news-events/ics-advisories/icsa-22-356-01	Third Party Advisory US Government Resource

Configurations

Configuration 1 (hide)

cpe:2.3:a:priva:top_control_suite:*:*:*:*:*:*:*:*

History

No history.

Information

Published : 2024-01-02 19:15

Updated : 2024-01-09 16:37

NVD link : CVE-2022-3010

Mitre link : CVE-2022-3010

CVE.ORG link : CVE-2022-3010

JSON object : View

Products Affected

priva

top_control_suite

CWE

CWE-916

Use of Password Hash With Insufficient Computational Effort

CWE-1391

Use of Weak Credentials

{"id": "CVE-2022-3010", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 3.9}, {"type": "Secondary", "source": "csirt@divd.nl", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 3.9}]}, "published": "2024-01-02T19:15:09.783", "references": [{"url": "https://csirt.divd.nl/CVE-2022-3010", "tags": ["Broken Link"], "source": "csirt@divd.nl"}, {"url": "https://csirt.divd.nl/DIVD-2022-00035", "tags": ["Broken Link"], "source": "csirt@divd.nl"}, {"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-22-356-01", "tags": ["Third Party Advisory", "US Government Resource"], "source": "csirt@divd.nl"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-916"}]}, {"type": "Secondary", "source": "csirt@divd.nl", "description": [{"lang": "en", "value": "CWE-1391"}]}], "descriptions": [{"lang": "en", "value": "The Priva TopControl Suite contains\u00a0predictable credentials for the SSH service, based on the Serial number. Which makes it possible for an attacker to calculate the login credentials for the Priva TopControll suite."}, {"lang": "es", "value": "Priva TopControl Suite contiene credenciales predecibles para el servicio SSH, basadas en el n\u00famero de serie. Lo que hace posible que un atacante calcule las credenciales de inicio de sesi\u00f3n para la suite Priva TopControll."}], "lastModified": "2024-01-09T16:37:32.967", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:priva:top_control_suite:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "32C20BD5-643F-436B-AE1A-0FBDC39910B2", "versionEndIncluding": "8.7.8.0"}], "operator": "OR"}]}], "sourceIdentifier": "csirt@divd.nl"}