CVE-2022-1066

Summary

Aethon TUG Home Base Server versions prior to version 24 are affected by un unauthenticated attacker who can freely access hashed user credentials.

Affected Software

VendorProductVersion RangeStatus
AethonTUG Home Base ServerAll versions < 24affected

Weaknesses

  • An unauthenticated attacker can arbitrarily add new users with administrative privileges and delete or modify existing users.

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: yes
    • Technical Impact: partial

References