CVE-2022-30018

{"id": "CVE-2022-30018", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 6.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "authentication": "SINGLE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.8, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 2.8}]}, "published": "2022-05-19T14:15:08.003", "references": [{"url": "https://github.com/PurplePetrus/MxCC_Credential-Storage_issue/blob/main/MxCC_improper_credential_storage", "tags": ["Exploit", "Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://github.com/PurplePetrus/MxCC_Credential-Storage_issue/blob/main/MxCC_improper_credential_storage", "tags": ["Exploit", "Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-522"}]}], "descriptions": [{"lang": "en", "value": "Mobotix Control Center (MxCC) through 2.5.4.5 has Insufficiently Protected Credentials, Storing Passwords in a Recoverable Format via the MxCC.ini config file. The credential storage method in this software enables an attacker/user of the machine to gain admin access to the software and gain access to recordings/recording locations."}, {"lang": "es", "value": "Mobotix Control Center (MxCC) versiones hasta 2.5.4.5, presenta unas credenciales insuficientemente protegidas, almacenando las contrase\u00f1as en un formato recuperable por medio del archivo de configuraci\u00f3n MxCC.ini. El m\u00e9todo de almacenamiento de credenciales en este software permite a un atacante/usuario de la m\u00e1quina conseguir acceso de administrador al software y conseguir acceso a las grabaciones/ubicaciones de grabaci\u00f3n"}], "lastModified": "2024-11-21T07:02:05.570", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:mobotix:mxcontrolcenter:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "CD885675-F0B4-45C9-B333-66744D4FA83E", "versionEndIncluding": "2.5.4.5"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}