Powertek PDU prior 3.30.30 HTTP API /cgi/get_param.cgi user.token permission
| CVSS Meta Temp Score | Current Exploit Price (≈) | CTI Interest Score |
|---|---|---|
| 7.1 | $0-$5k | 0.00 |
Summary
A vulnerability categorized as critical has been discovered in Powertek PDU. Affected by this vulnerability is an unknown functionality of the file /cgi/get_param.cgi of the component HTTP API. The manipulation of the argument user.token results in permission. This vulnerability is reported as CVE-2022-33175. The attack can be launched remotely. No exploit exists. It is advisable to upgrade the affected component.
Details
A vulnerability classified as critical has been found in Powertek PDU. Affected is an unknown functionality of the file /cgi/get_param.cgi of the component HTTP API. The manipulation of the argument user.token with an unknown input leads to a permission vulnerability. CWE is classifying the issue as CWE-275. This is going to have an impact on confidentiality, integrity, and availability. CVE summarizes:
Power Distribution Units running on Powertek firmware (multiple brands) before 3.30.30 have an insecure permissions setting on the user.token field that is accessible to everyone through the /cgi/get_param.cgi HTTP API. This leads to disclosing active session ids of currently logged-in administrators. The session id can then be reused to act as the administrator, allowing reading of the cleartext password, or reconfiguring the device.
The weakness was disclosed 06/14/2022. The advisory is available at gynvael.coldwind.pl. This vulnerability is traded as CVE-2022-33175 since 06/13/2022. Technical details are known, but there is no available exploit. This vulnerability is assigned to T1222 by the MITRE ATT&CK project.
Upgrading to version 3.30.30 eliminates this vulnerability.
If you want to get best quality of vulnerability data, you may have to visit VulDB.
Product
Vendor
Name
CPE 2.3
CPE 2.2
CVSSv4
VulDB Vector: 🔍VulDB Reliability: 🔍
CVSSv3
VulDB Meta Base Score: 7.2VulDB Meta Temp Score: 7.1
VulDB Base Score: 4.7
VulDB Temp Score: 4.5
VulDB Vector: 🔍
VulDB Reliability: 🔍
CNA Base Score: 9.8
CNA Vector (MITRE): 🔍
CVSSv2
| AV | AC | Au | C | I | A |
|---|---|---|---|---|---|
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| Vector | Complexity | Authentication | Confidentiality | Integrity | Availability |
|---|---|---|---|---|---|
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
VulDB Base Score: 🔍
VulDB Temp Score: 🔍
VulDB Reliability: 🔍
Exploiting
Class: PermissionCWE: CWE-275 / CWE-266
CAPEC: 🔍
ATT&CK: 🔍
Physical: No
Local: No
Remote: Yes
Availability: 🔍
Status: Not defined
EPSS Score: 🔍
EPSS Percentile: 🔍
Price Prediction: 🔍
Current Price Estimation: 🔍
| 0-Day | Unlock | Unlock | Unlock | Unlock |
|---|---|---|---|---|
| Today | Unlock | Unlock | Unlock | Unlock |
Threat Intelligence
Interest: 🔍Active Actors: 🔍
Active APT Groups: 🔍
Countermeasures
Recommended: UpgradeStatus: 🔍
0-Day Time: 🔍
Upgrade: PDU 3.30.30
Timeline
06/13/2022 🔍06/14/2022 🔍
06/14/2022 🔍
06/14/2022 🔍
Sources
Advisory: gynvael.coldwind.plStatus: Confirmed
CVE: CVE-2022-33175 (🔍)
GCVE (CVE): GCVE-0-2022-33175
GCVE (VulDB): GCVE-100-201762
Entry
Created: 06/14/2022 10:13Changes: 06/14/2022 10:13 (51)
Complete: 🔍
Cache ID: 216::103
If you want to get best quality of vulnerability data, you may have to visit VulDB.
No comments yet. Languages: en.
Please log in to comment.