CVE-2022-43326 : An Insecure Direct Object Reference (IDOR) vulnerability in the password reset f

An Insecure Direct Object Reference (IDOR) vulnerability in the password reset function of Telos Alliance Omnia MPX Node 1.0.0-1.4.[*] allows attackers to arbitrarily change user and Administrator account passwords.

Published 2022-11-29 05:15:12

Updated 2023-02-01 15:44:54

Source MITRE

View at NVD, CVE.org

Products affected by CVE-2022-43326

Telosalliance » Omnia Mpx Node Firmware
Versions from including (>=) 1.0.0 and before (<) 1.5.0
cpe:2.3:o:telosalliance:omnia_mpx_node_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Telosalliance » Omnia Mpx Node » Version: N/A

Exploit prediction scoring system (EPSS) score for CVE-2022-43326

EPSS FAQ

0.10%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 26 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2022-43326

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source	First Seen
7.5	HIGH	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N	3.9	3.6	NIST
Attack Vector: Network Attack Complexity: Low Privileges Required: None User Interaction: None Scope: Unchanged Confidentiality: None Integrity: High Availability: None

CWE ids for CVE-2022-43326

CWE-639 Authorization Bypass Through User-Controlled Key

The system's authorization functionality does not prevent one user from gaining access to another user's data or record by modifying the key value identifying the data.

Assigned by: nvd@nist.gov (Primary)

References for CVE-2022-43326

https://cyber-guy.gitbook.io/cyber-guys-blog/pocs/cve-2022-43326

CVE-2022-43326 - Cyber Guy's Blog
Exploit;Third Party Advisory

Jump to

Vulnerability Details : CVE-2022-43326

Products affected by CVE-2022-43326

Exploit prediction scoring system (EPSS) score for CVE-2022-43326

CVSS scores for CVE-2022-43326

CWE ids for CVE-2022-43326

References for CVE-2022-43326