CVE-2022-50695
8.7
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
Summary
SOUND4 IMPACT/FIRST/PULSE/Eco versions 2.x contains a network vulnerability that allows unauthenticated attackers to send ICMP signals to arbitrary hosts through network command scripts. Attackers can abuse ping.php, traceroute.php, and dns.php to generate network flooding attacks targeting external hosts.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| SOUND4 Ltd. | Impact/Pulse/First | Version 2: 1.1/2.15 | affected |
| SOUND4 Ltd. | Impact/Pulse Eco | 1.16 | affected |
| SOUND4 Ltd. | BigVoice4 | 1.2 | affected |
| SOUND4 Ltd. | BigVoice2 | 1.30 | affected |
| SOUND4 Ltd. | Stream | 1.1/2.4.29 | affected |
| Kantar Media | WM2 | 1.11 | affected |
Weaknesses
- CWE-770: Allocation of Resources Without Limits or Throttling
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: poc
- Automatable: yes
- Technical Impact: partial
References
- https://www.zeroscience.mk/en/vulnerabilities/ZSL-2022-5728.php
- https://packetstormsecurity.com/files/170255/SOUND4-IMPACT-FIRST-PULSE-Eco-2.x-ICMP-Flood-Attack.html
- https://exchange.xforce.ibmcloud.com/vulnerabilities/247948
- https://www.sound4.com/
- https://www.vulncheck.com/advisories/sound-impactfirstpulseeco-x-icmp-flood-attack-via-network-commands
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.