CVE-2022-38168

Broken Access Control in User Authentication in Avaya Scopia Pathfinder 10 and 20 PTS version 8.3.7.0.4 allows remote unauthenticated attackers to bypass the login page, access sensitive information, and reset user passwords via URL modification.

CVSS v3 9.1 CRITICAL

9.1^/10

CVSS v3 : CRITICAL

Vector :

Exploitability : 3.9 / Impact : 5.2

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://medium.com/%40rob_nes/avaya-scopia-pathfinder-broken-access-control-ac792e995bae	Exploit Third Party Advisory

Configurations

Configuration 1 (hide)

AND

cpe:2.3:o:avaya:scopia_pathfinder_10_pts_firmware:8.3.7.0.4:*:*:*:*:*:*:*

cpe:2.3:h:avaya:scopia_pathfinder_10_pts:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND

cpe:2.3:o:avaya:scopia_pathfinder_20_pts_firmware:8.3.7.0.4:*:*:*:*:*:*:*

cpe:2.3:h:avaya:scopia_pathfinder_20_pts:-:*:*:*:*:*:*:*

History

No history.

Information

Published : 2022-11-03 21:15

Updated : 2024-05-17 02:12

NVD link : CVE-2022-38168

Mitre link : CVE-2022-38168

CVE.ORG link : CVE-2022-38168

JSON object : View

Products Affected

avaya

scopia_pathfinder_20_pts
scopia_pathfinder_20_pts_firmware
scopia_pathfinder_10_pts
scopia_pathfinder_10_pts_firmware

CWE

CWE-306

Missing Authentication for Critical Function

{"id": "CVE-2022-38168", "cveTags": [{"tags": ["unsupported-when-assigned"], "sourceIdentifier": "cve@mitre.org"}], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.1, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.2, "exploitabilityScore": 3.9}]}, "published": "2022-11-03T21:15:09.660", "references": [{"url": "https://medium.com/%40rob_nes/avaya-scopia-pathfinder-broken-access-control-ac792e995bae", "tags": ["Exploit", "Third Party Advisory"], "source": "cve@mitre.org"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-306"}]}], "descriptions": [{"lang": "en", "value": "Broken Access Control in User Authentication in Avaya Scopia Pathfinder 10 and 20 PTS version 8.3.7.0.4 allows remote unauthenticated attackers to bypass the login page, access sensitive information, and reset user passwords via URL modification."}, {"lang": "es", "value": "** NO COMPATIBLE CUANDO EST\u00c1 ASIGNADO ** Un Control de Acceso Roto en la Autenticaci\u00f3n de Usuario en Avaya Scopia Pathfinder 10 y 20 PTS versi\u00f3n 8.3.7.0.4 permite a atacantes remotos no autenticados omitir la p\u00e1gina de inicio de sesi\u00f3n, acceder a informaci\u00f3n confidencial y restablecer contrase\u00f1as de usuario mediante modificaci\u00f3n de la URL."}], "lastModified": "2024-05-17T02:12:09.590", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:avaya:scopia_pathfinder_10_pts_firmware:8.3.7.0.4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F9DD0F04-DF13-420D-8FC7-09B84040383E"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:avaya:scopia_pathfinder_10_pts:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "E5E61DD5-1647-4AEB-AD76-F1E8594342C6"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:avaya:scopia_pathfinder_20_pts_firmware:8.3.7.0.4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "26BB8EB1-22ED-4E17-9284-FF6BAE6D68D5"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:avaya:scopia_pathfinder_20_pts:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "B81805BE-026E-4E66-B34D-EF1C0C0D5231"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "cve@mitre.org"}