CVE-2022-45963 :: Enginsight Vulnerability Database

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	NIST	9.8 CRITICAL	NETWORK	LOW	NONE	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
mitre	CNA	---				---
CVE	ADP	---				---
CISA-ADP	ADP	9.8 CRITICAL	NETWORK	LOW	NONE	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Base Score

CVSS 3.x

EPSS Score

Percentile: 8%

Vendor	Product	Version
h3c	secpath_f5030_firmware	𝑥 ≤ 3.10_ess6703
h3c	secpath_f5060_firmware	𝑥 ≤ 3.10_ess6703
h3c	secpath_f5080_firmware	𝑥 ≤ 3.10_ess6703
h3c	secpath_f5030-d_firmware	𝑥 ≤ 3.10_ess6703
h3c	secpath_f5060-d_firmware	𝑥 ≤ 3.10_ess6703
h3c	secpath_f5080-d_firmware	𝑥 ≤ 3.10_ess6703
h3c	secpath_f500-6gw_firmware	𝑥 ≤ 3.10_ess6703
h3c	secpath_f5010_firmware	𝑥 ≤ 3.10_ess6703
h3c	secpath_f5020_firmware	𝑥 ≤ 3.10_ess6703
h3c	secpath_f5040_firmware	𝑥 ≤ 3.10_ess6703
h3c	secpath_f100-c-g3_firmware	𝑥 ≤ 3.10_ess6703

𝑥

= Vulnerable software versions

Common Weakness Enumeration

CWE-269 - Improper Privilege Management
The software does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.

References

https://gist.github.com/yinfei6/fc6478328f8c2e2bf62a631a81afb265

https://gist.github.com/yinfei6/fc6478328f8c2e2bf62a631a81afb265