CVE-2022-25219

{"id": "CVE-2022-25219", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 6.9, "accessVector": "LOCAL", "vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C", "authentication": "NONE", "integrityImpact": "COMPLETE", "accessComplexity": "MEDIUM", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "acInsufInfo": false, "impactScore": 10.0, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 3.4, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.4, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 2.5}]}, "published": "2022-03-10T17:47:02.457", "references": [{"url": "https://www.tenable.com/security/research/tra-2022-01", "tags": ["Exploit", "Third Party Advisory"], "source": "vulnreport@tenable.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-Other"}]}], "descriptions": [{"lang": "en", "value": "A null byte interaction error has been discovered in the code that the telnetd_startup daemon uses to construct a pair of ephemeral passwords that allow a user to spawn a telnet service on the router, and to ensure that the telnet service persists upon reboot. By means of a crafted exchange of UDP packets, an unauthenticated attacker on the local network can leverage this null byte interaction error in such a way as to make those ephemeral passwords predictable (with 1-in-94 odds). Since the attacker must manipulate data processed by the OpenSSL function RSA_public_decrypt(), successful exploitation of this vulnerability depends on the use of an unpadded RSA cipher (CVE-2022-25218)."}, {"lang": "es", "value": "Se ha detectado un error de interacci\u00f3n de bytes nulos en el c\u00f3digo que el demonio telnetd_startup usa para construir un par de contrase\u00f1as ef\u00edmeras que permiten a un usuario generar un servicio de telnet en el router, y para asegurar que el servicio de telnet persiste tras el reinicio. Por medio de un intercambio dise\u00f1ado de paquetes UDP, un atacante no autenticado en la red local puede aprovechar este error de interacci\u00f3n de bytes nulos de tal manera que haga que esas contrase\u00f1as ef\u00edmeras sean predecibles (con una probabilidad de 1 en 94). Dado que el atacante debe manipular los datos procesados por la funci\u00f3n RSA_public_decrypt() de OpenSSL, una explotaci\u00f3n con \u00e9xito de esta vulnerabilidad depende del uso de un cifrado RSA sin relleno (CVE-2022-25218)"}], "lastModified": "2023-08-08T14:22:24.967", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:phicomm:k2_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "66980EB4-9FEC-451F-93F1-3E275CD6A462", "versionEndIncluding": "22.5.9.163"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:phicomm:k2:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "26A205A0-3616-4CD9-A7B8-FEA63742ABE9"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:phicomm:k3_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4C6D3940-9C77-4A8C-AD55-6857491B43B5", "versionEndIncluding": "21.5.37.246"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:phicomm:k3:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "7FFD131E-E41A-44BD-81B5-A1A10E64D88B"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:phicomm:k3c_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3319332E-25E6-4148-9A57-15FCF51C0413", "versionEndIncluding": "32.1.15.93"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:phicomm:k3c:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "4D47C172-F2F6-451F-8891-D150DBBA181C"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:phicomm:k2g_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D4737564-B92D-408E-81EC-598B76EE347F", "versionEndIncluding": "22.6.3.20"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:phicomm:k2g:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "1C8AE809-CB81-4CEB-B383-0461E3885892"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:phicomm:k2p_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8CE04942-4274-4A96-95E4-4838AAAC09A2", "versionEndIncluding": "20.4.1.7"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:phicomm:k2p:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "F80A65CA-B4F2-4912-B991-1D60869D5CB9"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "vulnreport@tenable.com"}