Vulnerability Details : CVE-2022-34906
A hard-coded cryptographic key is used in FileWave before 14.6.3 and 14.7.x before 14.7.2. Exploitation could allow an unauthenticated actor to decrypt sensitive information saved in FileWave, and even send crafted requests.
Products affected by CVE-2022-34906
- cpe:2.3:a:filewave:filewave:*:*:*:*:*:*:*:*
- cpe:2.3:a:filewave:filewave:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2022-34906
- 0.32%: probability of exploitation activity in the next 30 days
- ~ 70 %: percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2022-34906
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N | 3.9 | 3.6 | NIST | |
CWE ids for CVE-2022-34906
- The product contains hard-coded credentials, such as a password or cryptographic key. Assigned by: nvd@nist.gov (Primary)
References for CVE-2022-34906
- https://claroty.com/2022/07/25/blog-research-with-management-comes-risk-finding-flaws-in-filewave-mdm/
  Filewave MDM Security Vulnerabilities Uncovered by Claroty (Exploit; Third Party Advisory)
- https://kb.filewave.com/pages/viewpage.action?pageId=55544244
  FileWave Version 14.7.2 - Downloads - FileWave Knowledge Base (Release Notes; Third Party Advisory)