CVE-2022-38125

CVE

Medium

Improper Restriction of Communication Channel to Intended Endpoints vulnerability in Secomea SiteManager (FTP Agent modules) allows Exploit…

CVSS

5.5

Medium

EPSS

0.00

p17

Published

2022-01-01

Updated

2022-01-01

Description

Improper Restriction of Communication Channel to Intended Endpoints vulnerability in Secomea SiteManager (FTP Agent modules) allows Exploiting Trust in Client.

Tags · CWE

CWE-923

CAPEC-161

CAPEC-481

CAPEC-501

CAPEC-697

Affected products

Sitemanager_1129_firmwareSitemanager_1139_firmwareSitemanager_1149_firmwareSitemanager_1529_firmwareSitemanager_1539_firmwareSitemanager_1549_firmwareSitemanager_3329_firmwareSitemanager_3339_firmwareSitemanager_3349_firmwareSitemanager_3529_firmwareSitemanager_3539_firmwareSitemanager_3549_firmware

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Timeline

2022-01-01

Published

2022-01-01

Updated

CVSS 3.1 breakdown

Attack Vector

AV: L

Local (L)

Attack Complexity

AC: L

Low (L)

Privileges Required

PR: L

Low (L)

User Interaction

UI: N

None (N)

Scope

S: U

Unchanged (U)

Confidentiality Impact

C: H

High (H)

Integrity Impact

I: N

None (N)

Availability Impact

A: N

None (N)

Exploit indicators

EPSS

0.001 · p17

Known exploited (KEV)

MITRE ATT&CK

Inferred via CAPEC

T1090.004Domain Fronting

└ via CAPEC-481 · CWE-923

T1557.003DHCP Spoofing

└ via CAPEC-697 · CWE-923

Known exploits — Сканер-ВС

No Сканер-ВС checks registered for this vulnerability yet.

Affected software

Product	Vendor	Status
sitemanager_1129_firmware	*	Tracked
sitemanager_1139_firmware	*	Tracked
sitemanager_1149_firmware	*	Tracked
sitemanager_1529_firmware	*	Tracked
sitemanager_1539_firmware	*	Tracked
sitemanager_1549_firmware	*	Tracked
sitemanager_3329_firmware	*	Tracked
sitemanager_3339_firmware	*	Tracked
sitemanager_3349_firmware	*	Tracked
sitemanager_3529_firmware	*	Tracked
sitemanager_3539_firmware	*	Tracked
sitemanager_3549_firmware	*	Tracked

Source databases

CVE