CVE-2022-3485

Summary

In IFM Moneo Appliance with version up to 1.9.3 an unauthenticated remote attacker can reset the administrator password by only supplying the serial number and thus gain full control of the device.

Affected Software

VendorProductVersion RangeStatus
ifmmoneo appliance0 <= 1.9.3affected
ifmmoneo appliance0 <= 1.9.3affected

Weaknesses

  • CWE-640: CWE-640 Weak Password Recovery Mechanism for Forgotten Password

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: yes
    • Technical Impact: total

References