CVE-2022-3485
9.8
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
In IFM Moneo Appliance with version up to 1.9.3 an unauthenticated remote attacker can reset the administrator password by only supplying the serial number and thus gain full control of the device.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| ifm | moneo appliance | 0 <= 1.9.3 | affected |
| ifm | moneo appliance | 0 <= 1.9.3 | affected |
Weaknesses
- CWE-640: CWE-640 Weak Password Recovery Mechanism for Forgotten Password
ADP Enrichment
CVE Program Container
Additional References
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: yes
- Technical Impact: total
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.