CVE-2022-1669 - Vulnerability Details - OpenCVE

A buffer overflow vulnerability has been detected in the firewall function of the device management web portal. The device runs a CGI binary (index.cgi) to offer a management web application. Once authenticated with valid credentials in this web portal, a potential attacker could submit any "Address" value and it would be copied to a second variable with a "strcpy" vulnerable function without checking its length. Because of this, it is possible to send a long address value to overflow the process stack, controlling the function return address.

No CVSS v4.0

Attack Vector Network

Attack Complexity High

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication Single

Confidentiality Impact None

Integrity Impact Partial

Availability Impact Partial

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Circutor	Compact Dc-s Basic Compact Dc-s Basic Firmware

Configuration 1 [-]

AND

cpe:2.3:o:circutor:compact_dc-s_basic_firmware:1.2.17:*:*:*:*:*:*:*

cpe:2.3:h:circutor:compact_dc-s_basic:-:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://www.cisa.gov/uscert/ics/advisories/icsa-22-137-01

History

No history.

MITRE

Status: PUBLISHED

Assigner: icscert

Published: 2022-05-24T17:38:36.592277Z

Updated: 2024-09-17T04:00:19.444Z

Reserved: 2022-05-10T00:00:00

Link: CVE-2022-1669

Vulnrichment

No data.

NVD

Status : Modified

Published: 2022-05-24T18:15:08.353

Modified: 2024-11-21T06:41:13.163

Link: CVE-2022-1669

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "COMPACT DC-S BASIC", "vendor": "CIRCUTOR", "versions": [{"status": "affected", "version": "CIR_CDC_v1.2.17"}]}], "credits": [{"lang": "en", "value": "Angel Garcia Moreno reported this vulnerability to CISA."}], "datePublic": "2022-05-17T00:00:00", "descriptions": [{"lang": "en", "value": "A buffer overflow vulnerability has been detected in the firewall function of the device management web portal. The device runs a CGI binary (index.cgi) to offer a management web application. Once authenticated with valid credentials in this web portal, a potential attacker could submit any \"Address\" value and it would be copied to a second variable with a \"strcpy\" vulnerable function without checking its length. Because of this, it is possible to send a long address value to overflow the process stack, controlling the function return address."}], "metrics": [{"cvssV3_1": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:H", "version": "3.1"}}], "problemTypes": [{"descriptions": [{"cweId": "CWE-121", "description": "CWE-121 Stack-based Buffer Overflow", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2022-05-24T17:38:36", "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "shortName": "icscert"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-137-01"}], "source": {"advisory": "ICSA-22-137-01", "discovery": "EXTERNAL"}, "title": "Circutor COMPACT DC-S BASIC", "workarounds": [{"lang": "en", "value": "Circutor has not responded to requests to work with CISA to mitigate this vulnerability. Users of these affected products are invited to contact Circutor customer support for additional information."}], "x_generator": {"engine": "Vulnogram 0.0.9"}, "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "ics-cert@hq.dhs.gov", "DATE_PUBLIC": "2022-05-17T18:31:00.000Z", "ID": "CVE-2022-1669", "STATE": "PUBLIC", "TITLE": "Circutor COMPACT DC-S BASIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "COMPACT DC-S BASIC", "version": {"version_data": [{"version_affected": "=", "version_name": "CIR_CDC_v1.2.17", "version_value": "CIR_CDC_v1.2.17"}]}}]}, "vendor_name": "CIRCUTOR"}]}}, "credit": [{"lang": "eng", "value": "Angel Garcia Moreno reported this vulnerability to CISA."}], "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "A buffer overflow vulnerability has been detected in the firewall function of the device management web portal. The device runs a CGI binary (index.cgi) to offer a management web application. Once authenticated with valid credentials in this web portal, a potential attacker could submit any \"Address\" value and it would be copied to a second variable with a \"strcpy\" vulnerable function without checking its length. Because of this, it is possible to send a long address value to overflow the process stack, controlling the function return address."}]}, "generator": {"engine": "Vulnogram 0.0.9"}, "impact": {"cvss": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:H", "version": "3.1"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-121 Stack-based Buffer Overflow"}]}]}, "references": {"reference_data": [{"name": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-137-01", "refsource": "MISC", "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-137-01"}]}, "source": {"advisory": "ICSA-22-137-01", "discovery": "EXTERNAL"}, "work_around": [{"lang": "en", "value": "Circutor has not responded to requests to work with CISA to mitigate this vulnerability. Users of these affected products are invited to contact Circutor customer support for additional information."}]}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T00:10:03.719Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-137-01"}]}]}, "cveMetadata": {"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "assignerShortName": "icscert", "cveId": "CVE-2022-1669", "datePublished": "2022-05-24T17:38:36.592277Z", "dateReserved": "2022-05-10T00:00:00", "dateUpdated": "2024-09-17T04:00:19.444Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:circutor:compact_dc-s_basic_firmware:1.2.17:*:*:*:*:*:*:*", "matchCriteriaId": "EF4F1A36-3E03-4F15-BB01-2F6B759FD683", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:circutor:compact_dc-s_basic:-:*:*:*:*:*:*:*", "matchCriteriaId": "F13E8571-BE1E-4041-81F8-0F59713927DE", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "A buffer overflow vulnerability has been detected in the firewall function of the device management web portal. The device runs a CGI binary (index.cgi) to offer a management web application. Once authenticated with valid credentials in this web portal, a potential attacker could submit any \"Address\" value and it would be copied to a second variable with a \"strcpy\" vulnerable function without checking its length. Because of this, it is possible to send a long address value to overflow the process stack, controlling the function return address."}, {"lang": "es", "value": "Se ha detectado una vulnerabilidad de desbordamiento de b\u00fafer en la funci\u00f3n de firewall del portal web de administraci\u00f3n del dispositivo. El dispositivo ejecuta un binario CGI (index.cgi) para ofrecer una aplicaci\u00f3n web de administraci\u00f3n. Una vez autenticado con credenciales v\u00e1lidas en este portal web, un potencial atacante podr\u00eda enviar cualquier valor \"Address\" y \u00e9ste ser\u00eda copiado a una segunda variable con una funci\u00f3n vulnerable \"strcpy\" sin comprobar su longitud. Debido a esto, es posible enviar un valor de direcci\u00f3n largo para desbordar la pila del proceso, controlando la direcci\u00f3n de retorno de la funci\u00f3n"}], "id": "CVE-2022-1669", "lastModified": "2024-11-21T06:41:13.163", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 5.5, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 4.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.6, "impactScore": 5.2, "source": "ics-cert@hq.dhs.gov", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.2, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2022-05-24T18:15:08.353", "references": [{"source": "ics-cert@hq.dhs.gov", "tags": ["Third Party Advisory", "US Government Resource"], "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-137-01"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory", "US Government Resource"], "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-137-01"}], "sourceIdentifier": "ics-cert@hq.dhs.gov", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-121"}], "source": "ics-cert@hq.dhs.gov", "type": "Secondary"}]}