CVE-2022-0675

In certain situations it is possible for an unmanaged rule to exist on the target system that has the same comment as the rule specified in the manifest. This could allow for unmanaged rules to exist on the target system and leave the system in an unsafe state.

CVSS v3 5.6 MEDIUM
CVSS v2.0 6.8 MEDIUM

5.6^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 2.2 / Impact : 3.4

Attack Vector NETWORK

Attack Complexity HIGH

Privileges Required NONE

User Interaction NONE

Confidentiality Impact LOW

Integrity Impact LOW

Availability Impact LOW

Scope UNCHANGED

6.8^/10

CVSS v2.0 : MEDIUM

Vector : AV:N/AC:M/Au:N/C:P/I:P/A:P

Exploitability : 8.6 / Impact : 6.4

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
https://puppet.com/security/cve/CVE-2022-0675	Vendor Advisory
https://puppet.com/security/cve/CVE-2022-0675	Vendor Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:puppet:firewall:*:*:*:*:*:*:*:*

History

21 Nov 2024, 06:39

Type	Values Removed	Values Added
CVSS	v2 : ~~6.8~~ v3 : ~~9.8~~	v2 : 6.8 v3 : 5.6
References	~~() https://puppet.com/security/cve/CVE-2022-0675 - Vendor Advisory~~	() https://puppet.com/security/cve/CVE-2022-0675 - Vendor Advisory

09 Mar 2022, 20:53

Type	Values Removed	Values Added
References	~~(MISC) https://puppet.com/security/cve/CVE-2022-0675 -~~	(MISC) https://puppet.com/security/cve/CVE-2022-0675 - Vendor Advisory
CPE		cpe:2.3:a:puppet:firewall::::::::
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : 6.8 v3 : 9.8
CWE		CWE-20

02 Mar 2022, 21:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2022-03-02 21:15

Updated : 2024-11-21 06:39

NVD link : CVE-2022-0675

Mitre link : CVE-2022-0675

CVE.ORG link : CVE-2022-0675

JSON object : View

Products Affected

puppet

firewall

CWE

CWE-1289

Improper Validation of Unsafe Equivalence in Input

CWE-20

Improper Input Validation

{"id": "CVE-2022-0675", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 6.8, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Secondary", "source": "security@puppet.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.6, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "LOW", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "impactScore": 3.4, "exploitabilityScore": 2.2}, {"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 3.9}]}, "published": "2022-03-02T21:15:08.050", "references": [{"url": "https://puppet.com/security/cve/CVE-2022-0675", "tags": ["Vendor Advisory"], "source": "security@puppet.com"}, {"url": "https://puppet.com/security/cve/CVE-2022-0675", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Secondary", "source": "security@puppet.com", "description": [{"lang": "en", "value": "CWE-1289"}]}, {"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-20"}]}], "descriptions": [{"lang": "en", "value": "In certain situations it is possible for an unmanaged rule to exist on the target system that has the same comment as the rule specified in the manifest. This could allow for unmanaged rules to exist on the target system and leave the system in an unsafe state."}, {"lang": "es", "value": "En determinadas situaciones es posible que se presente una regla no administrada en el sistema objetivo que tenga el mismo comentario que la regla especificada en el manifiesto. Esto podr\u00eda permitir la existencia de reglas no administradas en el sistema objetivo y dejar el sistema en un estado no seguro"}], "lastModified": "2024-11-21T06:39:09.687", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:puppet:firewall:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9E795094-E7DC-46FE-8C02-ED37CD49DB49", "versionEndExcluding": "3.4.0"}], "operator": "OR"}]}], "sourceIdentifier": "security@puppet.com"}