CVE-2022-35582

CVSS V2 None CVSS V3 High 8.8
Description
Penta Security Systems Inc WAPPLES 4.0.*, 5.0.0.*, 5.0.12.* are vulnerable to Incorrect Access Control. The operating system that WAPPLES runs on has a built-in non-privileged user penta with a predefined password. The password for this user, as well as its existence, is not disclosed in the documentation. Knowing the credentials, attackers can use this feature to gain uncontrolled access to the device and therefore are considered an undocumented possibility for remote control.
Overview
  • CVE ID
  • CVE-2022-35582
  • Assigner
  • cve@mitre.org
  • Vulnerability Status
  • Analyzed
  • Published Version
  • 2022-09-13T22:15:09
  • Last Modified Date
  • 2022-09-19T18:45:16
Weakness Enumerations
CWE URL
CWE-863 http://cwe.mitre.org/data/definitions/863.html
CPE Configuration (Product)
CPE Vulnerable Operator Version Start Version End
cpe:2.3:a:pentasecurity:wapples:4.0.0:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:pentasecurity:wapples:5.0.0.0:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:pentasecurity:wapples:5.0.12.0:*:*:*:*:*:*:* 1 OR
CVSS Version 3
  • Version
  • 3.1
  • Vector String
  • CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
  • Attack Vector
  • NETWORK
  • Attack Compatibility
  • LOW
  • Privileges Required
  • LOW
  • User Interaction
  • NONE
  • Scope
  • UNCHANGED
  • Confidentiality Impact
  • HIGH
  • Availability Impact
  • HIGH
  • Base Score
  • 8.8
  • Base Severity
  • HIGH
  • Exploitability Score
  • 2.8
  • Impact Score
  • 5.9
References
Reference URL Reference Tags
https://medium.com/@_sadshade/wapples-web-application-firewall-multiple-vulnerabilities-35bdee52c8fb
https://www.pentasecurity.com/product/wapples/
Sources
Source Name Source URL
NIST https://nvd.nist.gov/vuln/detail/CVE-2022-35582
MITRE https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-35582
History
Created Old Value New Value Data Type Notes
2022-09-13 23:00:13 Added to TrackCVE