Vulnerability Details : CVE-2022-32985
libnx_apl.so on Nexans FTTO GigaSwitch before 6.02N and 7.x before 7.02 implements a Backdoor Account for SSH logins on port 50200 or 50201.
Products affected by CVE-2022-32985
- Nexans » Gigaswitch 641 Desk V5 Sfp-vi Firmware
  Versions >= 7.0 and < 7.02
  cpe:2.3:o:nexans:gigaswitch_641_desk_v5_sfp-vi_firmware:*:*:*:*:*:*:*:*
- Nexans » Gigaswitch 642 Desk V5 Sfp-2vi Firmware
  Versions >= 7.0 and < 7.02
  cpe:2.3:o:nexans:gigaswitch_642_desk_v5_sfp-2vi_firmware:*:*:*:*:*:*:*:*
- Nexans » Gigaswitch V5 2tp(pd-f+) Sfp-vi 54vdc Firmware
  Versions >= 7.0 and < 7.02
  cpe:2.3:o:nexans:gigaswitch_v5_2tp\(pd-f\+\)_sfp-vi_54vdc_firmware:*:*:*:*:*:*:*:*
- Nexans » Gigaswitch V5 2tp(pse+) Sfp-vi 54vdc Firmware
  Versions >= 7.0 and < 7.02
  cpe:2.3:o:nexans:gigaswitch_v5_2tp\(pse\+\)_sfp-vi_54vdc_firmware:*:*:*:*:*:*:*:*
- Nexans » Gigaswitch V5 2tp Sfp-vi 54vdc Firmware
  Versions >= 7.0 and < 7.02
  cpe:2.3:o:nexans:gigaswitch_v5_2tp_sfp-vi_54vdc_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:nexans:gigaswitch_v5_sfp-2vi_230vac_firmware:*:*:*:*:*:*:*:*
- Nexans » Gigaswitch V5 Tp(pse+) Sfp-2vi 54vdc Firmware
  Versions >= 7.0 and < 7.02
  cpe:2.3:o:nexans:gigaswitch_v5_tp\(pse\+\)_sfp-2vi_54vdc_firmware:*:*:*:*:*:*:*:*
- Nexans » Gigaswitch V5 Tp(pse+) Sfp-2vi 54vdc Ind Firmware
  Versions >= 7.0 and < 7.02
  cpe:2.3:o:nexans:gigaswitch_v5_tp\(pse\+\)_sfp-2vi_54vdc_ind_firmware:*:*:*:*:*:*:*:*
- Nexans » Gigaswitch V5 Tp(pse+) Sfp-2vi 54vdc Med Firmware
  Versions >= 7.0 and < 7.02
  cpe:2.3:o:nexans:gigaswitch_v5_tp\(pse\+\)_sfp-2vi_54vdc_med_firmware:*:*:*:*:*:*:*:*
- Nexans » Gigaswitch V5 Tp Sfp-2vi 54vdc Firmware
  Versions >= 7.0 and < 7.02
  cpe:2.3:o:nexans:gigaswitch_v5_tp_sfp-2vi_54vdc_firmware:*:*:*:*:*:*:*:*
- Nexans » Gigaswitch V5 Tp Sfp-2vi 54vdc Ind Firmware
  Versions >= 7.0 and < 7.02
  cpe:2.3:o:nexans:gigaswitch_v5_tp_sfp-2vi_54vdc_ind_firmware:*:*:*:*:*:*:*:*
- Nexans » Gigaswitch V5 Tp Sfp-2vi 54vdc Med Firmware
  Versions >= 7.0 and < 7.02
  cpe:2.3:o:nexans:gigaswitch_v5_tp_sfp-2vi_54vdc_med_firmware:*:*:*:*:*:*:*:*
- Nexans » Gigaswitch V5 Tp Sfp-vi 230vac Firmware
  Versions >= 7.0 and < 7.02
  cpe:2.3:o:nexans:gigaswitch_v5_tp_sfp-vi_230vac_firmware:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2022-32985
- 0.29%: probability of exploitation activity in the next 30 days
- ~ 69 %: percentile, the proportion of vulnerabilities that are scored at or below this score
CVSS scores for CVE-2022-32985
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 3.9 | 5.9 | NIST | |
CWE ids for CVE-2022-32985
- The product contains hard-coded credentials, such as a password or cryptographic key. Assigned by: nvd@nist.gov (Primary)
References for CVE-2022-32985
- https://www.nexans.de/de/products/Data-Network-Solutions/Industrial-and-office-switches.html
  Nexans - Industrie & Office Switche (Vendor Advisory)
- https://sec-consult.com/vulnerability-lab/advisory/hardcoded-backdoor-user-outdated-software-components-nexans-ftto-gigaswitch/
  Hardcoded Backdoor User and Outdated Software Components in Nexans FTTO GigaSwitch series (Exploit; Third Party Advisory)