CVE-2022-43326 in Omnia MPX Node
Summary
by MITRE • 11/29/2022
An Insecure Direct Object Reference (IDOR) vulnerability in the password reset function of Telos Alliance Omnia MPX Node 1.0.0-1.4.[*] allows attackers to arbitrarily change user and Administrator account passwords.
Analysis
by VulDB Data Team • 04/26/2025
CVE-2022-43326 is a critical Insecure Direct Object Reference flaw in the authentication system of the Telos Alliance Omnia MPX Node. The weakness lies in the password reset functionality and gives unauthorized individuals a way to change user account credentials. The affected versions range from 1.0.0 through 1.4.[*], indicating a broad impact across multiple iterations of this network security appliance. The vulnerability stems from insufficient input validation and access control in the password reset implementation, which allows attackers to directly reference and modify user accounts through manipulated parameters.
The technical exploitation of this IDOR vulnerability occurs when an attacker can predict or manipulate object references within the password reset function. This typically involves crafting specific requests that bypass normal authentication checks and directly target user account identifiers. The flaw enables attackers to change passwords for any user account, including administrative accounts, without possessing valid credentials or undergoing proper authentication procedures. This type of vulnerability falls under CWE-284, which specifically addresses inadequate access control mechanisms, and aligns with ATT&CK technique T1078.004 for valid accounts and T1531 for credential access through privilege escalation.
The operational impact of this vulnerability is severe and far-reaching for organizations utilizing the Telos Alliance Omnia MPX Node. Successful exploitation allows attackers to gain persistent access to network resources through compromised administrator credentials, potentially leading to complete system compromise. The ability to reset administrator passwords creates a pathway for attackers to maintain long-term access while evading detection mechanisms. Organizations may experience unauthorized data access, system manipulation, and potential data exfiltration. The vulnerability also undermines the integrity of the authentication system, making it difficult to trust user account credentials and potentially affecting other security controls that depend on proper authentication.
Mitigation for CVE-2022-43326 should prioritize immediate implementation of access controls and input validation within the password reset function. Organizations must ensure that the password reset mechanism requires authentication tokens, session validation, and robust user identification before allowing any password modification. The implementation should include access control checks that verify the requesting user is authorized to modify the target account. Network segmentation and monitoring should be enhanced to detect anomalous password reset activity, particularly when multiple resets occur for the same account within a short timeframe. Additionally, organizations should implement rate limiting and anomaly detection to prevent automated exploitation attempts. The vendor should provide a security patch that addresses the underlying IDOR vulnerability by enforcing access control checks and validating object references. Regular security assessments and penetration testing should be conducted to identify similar vulnerabilities in other authentication mechanisms, ensuring comprehensive protection against credential-based attacks.
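The access control check described in the mitigation paragraph above, sketched in Python as an added illustration; it is not Telos Alliance or VulDB code. `AccountStore`, the session map and every other name are hypothetical, and `reset_password_idor` shows the flawed pattern only for contrast with the hardened `reset_password`.

```python
import hashlib, hmac, os
from dataclasses import dataclass

@dataclass
class User:
    user_id: int
    is_admin: bool
    salt: bytes
    pw_hash: bytes

def _hash(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

def make_user(user_id, password, is_admin=False):
    salt = os.urandom(16)
    return User(user_id, is_admin, salt, _hash(password, salt))

class AccountStore:  # hypothetical stand-in for a device's account backend
    def __init__(self, users, sessions):
        self.users = {u.user_id: u for u in users}
        self.sessions = sessions  # session token -> user_id, filled in at login

    def check(self, user_id, password):
        u = self.users[user_id]
        return hmac.compare_digest(_hash(password, u.salt), u.pw_hash)

    def reset_password_idor(self, target_id, new_password):
        # Flawed pattern: the account to modify is taken from the request as-is.
        u = self.users[target_id]
        u.pw_hash = _hash(new_password, u.salt)
        return True

    def reset_password(self, session_token, target_id, new_password, current_password=None):
        # Hardened: caller identity comes from the server-side session only.
        caller = self.users.get(self.sessions.get(session_token))
        target = self.users.get(target_id)
        if caller is None or target is None:
            return False  # unauthenticated caller or unknown target
        if caller.user_id == target.user_id:
            # Changing your own password requires re-proving the current one.
            if current_password is None or not self.check(target.user_id, current_password):
                return False
        elif not caller.is_admin:
            return False  # non-admins may never modify another account
        target.salt = os.urandom(16)
        target.pw_hash = _hash(new_password, target.salt)
        return True
```
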