CVE-2022-44565

CVSS V2 None CVSS V3 None
Description
An improper access validation vulnerability exists in airMAX AC <8.7.11, airFiber 60/LR <2.6.2, airFiber 60 XG/HD <v1.0.0 and airFiber GBE <1.4.1 that allows a malicious actor to retrieve status and usage data from the UISP device.
Overview
  • CVE ID
  • CVE-2022-44565
  • Assigner
  • support@hackerone.com
  • Vulnerability Status
  • Analyzed
  • Published Version
  • 2022-12-23T15:15:15
  • Last Modified Date
  • 2023-01-04T18:15:27
Weakness Enumerations
CWE URL
CWE-863 http://cwe.mitre.org/data/definitions/863.html
CWE-284 http://cwe.mitre.org/data/definitions/284.html
CPE Configuration (Product)
CPE Vulnerable Operator Version Start Version End
AND
cpe:2.3:o:ui:airfiber_gigabeam_firmware:*:*:*:*:*:*:*:* 1 OR 1.4.1
cpe:2.3:h:ui:airfiber_gigabeam:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:ui:airfiber_60-xg_firmware:*:*:*:*:*:*:*:* 1 OR 1.0.0
cpe:2.3:h:ui:airfiber_60-xg:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:ui:airfiber_60-hd_firmware:*:*:*:*:*:*:*:* 1 OR 1.0.0
cpe:2.3:h:ui:airfiber_60-hd:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:ui:airfiber_60-lr_firmware:*:*:*:*:*:*:*:* 1 OR 2.6.2
cpe:2.3:h:ui:airfiber_60-lr:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:ui:airmax_ac_firmware:*:*:*:*:*:*:*:* 1 OR 8.7.11
cpe:2.3:h:ui:airmax_ac:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:ui:airfiber_60_firmware:*:*:*:*:*:*:*:* 1 OR 2.6.2
cpe:2.3:h:ui:airfiber_60:-:*:*:*:*:*:*:* 0 OR
References
Reference URL Reference Tags
https://community.ui.com/releases/Security-Advisory-Bulletin-027-027/123e4577-9f00-4777-abe1-64a1d56fee05
Sources
Source Name Source URL
NIST https://nvd.nist.gov/vuln/detail/CVE-2022-44565
MITRE https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-44565
History
Created Old Value New Value Data Type Notes
2022-12-23 16:18:45 Added to TrackCVE
2022-12-23 16:18:46 Weakness Enumeration new
2022-12-23 17:15:44 2022-12-23T16:52:12 CVE Modified Date updated
2022-12-23 17:15:44 Received Awaiting Analysis Vulnerability Status updated
2022-12-29 15:13:49 Awaiting Analysis Undergoing Analysis Vulnerability Status updated
2023-01-04 18:20:44 2023-01-04T18:15:27 CVE Modified Date updated
2023-01-04 18:20:44 Undergoing Analysis Analyzed Vulnerability Status updated
2023-01-04 18:20:45 Weakness Enumeration update
2023-01-04 18:20:47 CPE Information updated