CVE-2022-22986 - Vulnerability Details - OpenCVE

Netcommunity OG410X and OG810X series (Netcommunity OG410Xa, OG410Xi, OG810Xa, and OG810Xi firmware Ver.2.28 and earlier) allow an attacker on the adjacent network to execute an arbitrary OS command via a specially crafted config file.

No CVSS v4.0

Attack Vector Adjacent Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

Access Vector Adjacent Network

Access Complexity Low

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Ntt-east	Og410xa Og410xa Firmware Og410xi Og410xi Firmware Og810xa Og810xa Firmware Og810xi Og810xi Firmware

Configuration 1 [-]

AND

cpe:2.3:o:ntt-east:og410xa_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:ntt-east:og410xa:-:*:*:*:*:*:*:*

Configuration 2 [-]

AND

cpe:2.3:o:ntt-east:og410xi_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:ntt-east:og410xi:-:*:*:*:*:*:*:*

Configuration 3 [-]

AND

cpe:2.3:o:ntt-east:og810xa_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:ntt-east:og810xa:-:*:*:*:*:*:*:*

Configuration 4 [-]

AND

cpe:2.3:o:ntt-east:og810xi_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:ntt-east:og810xi:-:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://business.ntt-east.co.jp/topics/2022/03_22.html
https://jvn.jp/en/vu/JVNVU94900322/index.html
https://www.ntt-west.co.jp/smb/kiki_info/info/220322.html

History

No history.

MITRE

Status: PUBLISHED

Assigner: jpcert

Published: 2022-03-31T07:20:41

Updated: 2024-08-03T03:28:42.756Z

Reserved: 2022-02-02T00:00:00

Link: CVE-2022-22986

Vulnrichment

No data.

NVD

Status : Modified

Published: 2022-03-31T08:15:08.213

Modified: 2024-11-21T06:47:44.747

Link: CVE-2022-22986

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "Netcommunity OG410X and OG810X series", "vendor": "NIPPON TELEGRAPH AND TELEPHONE EAST CORPORATION (NTT East) and NIPPON TELEGRAPH AND TELEPHONE WEST CORPORATION (NTT West)", "versions": [{"status": "affected", "version": "Netcommunity OG410Xa, OG410Xi, OG810Xa and OG810Xi firmware Ver.2.28 and earlier"}]}], "descriptions": [{"lang": "en", "value": "Netcommunity OG410X and OG810X series (Netcommunity OG410Xa, OG410Xi, OG810Xa, and OG810Xi firmware Ver.2.28 and earlier) allow an attacker on the adjacent network to execute an arbitrary OS command via a specially crafted config file."}], "problemTypes": [{"descriptions": [{"description": "OS Command Injection", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2022-03-31T07:20:41", "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce", "shortName": "jpcert"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://business.ntt-east.co.jp/topics/2022/03_22.html"}, {"tags": ["x_refsource_MISC"], "url": "https://www.ntt-west.co.jp/smb/kiki_info/info/220322.html"}, {"tags": ["x_refsource_MISC"], "url": "https://jvn.jp/en/vu/JVNVU94900322/index.html"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "vultures@jpcert.or.jp", "ID": "CVE-2022-22986", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Netcommunity OG410X and OG810X series", "version": {"version_data": [{"version_value": "Netcommunity OG410Xa, OG410Xi, OG810Xa and OG810Xi firmware Ver.2.28 and earlier"}]}}]}, "vendor_name": "NIPPON TELEGRAPH AND TELEPHONE EAST CORPORATION (NTT East) and NIPPON TELEGRAPH AND TELEPHONE WEST CORPORATION (NTT West)"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Netcommunity OG410X and OG810X series (Netcommunity OG410Xa, OG410Xi, OG810Xa, and OG810Xi firmware Ver.2.28 and earlier) allow an attacker on the adjacent network to execute an arbitrary OS command via a specially crafted config file."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "OS Command Injection"}]}]}, "references": {"reference_data": [{"name": "https://business.ntt-east.co.jp/topics/2022/03_22.html", "refsource": "MISC", "url": "https://business.ntt-east.co.jp/topics/2022/03_22.html"}, {"name": "https://www.ntt-west.co.jp/smb/kiki_info/info/220322.html", "refsource": "MISC", "url": "https://www.ntt-west.co.jp/smb/kiki_info/info/220322.html"}, {"name": "https://jvn.jp/en/vu/JVNVU94900322/index.html", "refsource": "MISC", "url": "https://jvn.jp/en/vu/JVNVU94900322/index.html"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T03:28:42.756Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://business.ntt-east.co.jp/topics/2022/03_22.html"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://www.ntt-west.co.jp/smb/kiki_info/info/220322.html"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://jvn.jp/en/vu/JVNVU94900322/index.html"}]}]}, "cveMetadata": {"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce", "assignerShortName": "jpcert", "cveId": "CVE-2022-22986", "datePublished": "2022-03-31T07:20:41", "dateReserved": "2022-02-02T00:00:00", "dateUpdated": "2024-08-03T03:28:42.756Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:ntt-east:og410xa_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "D7861472-045E-4996-8161-A501710728C9", "versionEndIncluding": "2.28", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:ntt-east:og410xa:-:*:*:*:*:*:*:*", "matchCriteriaId": "153F1AD9-3DC9-4D40-A211-A773D9E5F702", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:ntt-east:og410xi_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "450EE2C9-75D1-43C2-B872-0C0D80E928D1", "versionEndIncluding": "2.28", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:ntt-east:og410xi:-:*:*:*:*:*:*:*", "matchCriteriaId": "315D2DEB-B1FD-4E68-91C3-64882032DAAD", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:ntt-east:og810xa_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "EE3DFA4E-A389-4CE3-8941-C82C0799F046", "versionEndIncluding": "2.28", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:ntt-east:og810xa:-:*:*:*:*:*:*:*", "matchCriteriaId": "3FDD45EF-B29A-4D53-889E-1D276F9844E5", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:ntt-east:og810xi_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "1D54251A-4FAD-4D80-9005-1AF31ABC87C7", "versionEndIncluding": "2.28", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:ntt-east:og810xi:-:*:*:*:*:*:*:*", "matchCriteriaId": "3CA0C9D4-D0C8-4F5F-A62D-3E733D452CE9", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "Netcommunity OG410X and OG810X series (Netcommunity OG410Xa, OG410Xi, OG810Xa, and OG810Xi firmware Ver.2.28 and earlier) allow an attacker on the adjacent network to execute an arbitrary OS command via a specially crafted config file."}, {"lang": "es", "value": "Las series Netcommunity OG410X y OG810X (firmware Netcommunity OG410Xa, OG410Xi, OG810Xa y OG810Xi Versiones 2.28 y anteriores) permiten a un atacante en la red adyacente ejecutar un comando de Sistema Operativo arbitrario por medio de un archivo de configuraci\u00f3n especialmente dise\u00f1ado"}], "id": "CVE-2022-22986", "lastModified": "2024-11-21T06:47:44.747", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "ADJACENT_NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 8.3, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:A/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 6.5, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2022-03-31T08:15:08.213", "references": [{"source": "vultures@jpcert.or.jp", "tags": ["Vendor Advisory"], "url": "https://business.ntt-east.co.jp/topics/2022/03_22.html"}, {"source": "vultures@jpcert.or.jp", "tags": ["Third Party Advisory", "VDB Entry"], "url": "https://jvn.jp/en/vu/JVNVU94900322/index.html"}, {"source": "vultures@jpcert.or.jp", "tags": ["Vendor Advisory"], "url": "https://www.ntt-west.co.jp/smb/kiki_info/info/220322.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://business.ntt-east.co.jp/topics/2022/03_22.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory", "VDB Entry"], "url": "https://jvn.jp/en/vu/JVNVU94900322/index.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://www.ntt-west.co.jp/smb/kiki_info/info/220322.html"}], "sourceIdentifier": "vultures@jpcert.or.jp", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-78"}], "source": "nvd@nist.gov", "type": "Primary"}]}