CVE-2022-41985 - Vulnerability Details - OpenCVE

An authentication bypass vulnerability exists in the Authentication functionality of Weston Embedded uC-FTPs v 1.98.00. A specially crafted set of network packets can lead to authentication bypass and denial of service. An attacker can send a sequence of unauthenticated packets to trigger this vulnerability.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Changed

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation poc

Automatable yes

Technical Impact partial

Vendors	Products
Weston-embedded	Uc-ftps

Configuration 1 [-]

cpe:2.3:a:weston-embedded:uc-ftps:1.98.00:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://github.com/weston-embedded/uC-FTPs/pull/1
https://talosintelligence.com/vulnerability_reports/TALOS-2022-1680
https://www.talosintelligence.com/vulnerability_reports/TALOS-2022-1680

History

Fri, 24 Jan 2025 18:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'yes', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Fri, 22 Nov 2024 12:00:00 +0000

Type	Values Removed	Values Added
References		https://www.talosintelligence.com/vulnerability_reports/TALOS-2022-1680

MITRE

Status: PUBLISHED

Assigner: talos

Published: 2023-05-10T15:23:52.853Z

Updated: 2025-01-24T18:05:37.345Z

Reserved: 2022-11-29T19:21:47.374Z

Link: CVE-2022-41985

Vulnrichment

Updated: 2024-08-03T12:56:39.171Z

NVD

Status : Modified

Published: 2023-05-10T16:15:09.400

Modified: 2024-11-21T07:24:13.017

Link: CVE-2022-41985

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2022-41985", "assignerOrgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b", "state": "PUBLISHED", "assignerShortName": "talos", "dateReserved": "2022-11-29T19:21:47.374Z", "datePublished": "2023-05-10T15:23:52.853Z", "dateUpdated": "2025-01-24T18:05:37.345Z"}, "containers": {"cna": {"affected": [{"vendor": "Weston Embedded", "product": "uC-FTPs", "versions": [{"version": "v 1.98.00", "status": "affected"}]}], "descriptions": [{"lang": "en", "value": "An authentication bypass vulnerability exists in the Authentication functionality of Weston Embedded uC-FTPs v 1.98.00. A specially crafted set of network packets can lead to authentication bypass and denial of service. An attacker can send a sequence of unauthenticated packets to trigger this vulnerability."}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "CWE-303: Incorrect Implementation of Authentication Algorithm", "type": "CWE", "cweId": "CWE-303"}]}], "metrics": [{"cvssV3_1": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "CHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "HIGH", "baseScore": 8.6, "baseSeverity": "HIGH"}}], "providerMetadata": {"orgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b", "shortName": "talos", "dateUpdated": "2023-05-10T17:00:05.769Z"}, "references": [{"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2022-1680", "name": "https://talosintelligence.com/vulnerability_reports/TALOS-2022-1680"}, {"url": "https://github.com/weston-embedded/uC-FTPs/pull/1", "name": "https://github.com/weston-embedded/uC-FTPs/pull/1"}], "credits": [{"lang": "en", "value": "Discovered by Kelly Leuschner of Cisco Talos."}]}, "adp": [{"title": "CVE Program Container", "references": [{"url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2022-1680"}, {"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2022-1680", "name": "https://talosintelligence.com/vulnerability_reports/TALOS-2022-1680", "tags": ["x_transferred"]}, {"url": "https://github.com/weston-embedded/uC-FTPs/pull/1", "name": "https://github.com/weston-embedded/uC-FTPs/pull/1", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T12:56:39.171Z"}}, {"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-01-24T18:05:33.183208Z", "id": "CVE-2022-41985", "options": [{"Exploitation": "poc"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-01-24T18:05:37.345Z"}}]}}

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2022-41985", "assignerOrgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b", "state": "PUBLISHED", "assignerShortName": "talos", "dateReserved": "2022-11-29T19:21:47.374Z", "datePublished": "2023-05-10T15:23:52.853Z", "dateUpdated": "2025-01-24T18:05:37.345Z"}, "containers": {"cna": {"affected": [{"vendor": "Weston Embedded", "product": "uC-FTPs", "versions": [{"version": "v 1.98.00", "status": "affected"}]}], "descriptions": [{"lang": "en", "value": "An authentication bypass vulnerability exists in the Authentication functionality of Weston Embedded uC-FTPs v 1.98.00. A specially crafted set of network packets can lead to authentication bypass and denial of service. An attacker can send a sequence of unauthenticated packets to trigger this vulnerability."}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "CWE-303: Incorrect Implementation of Authentication Algorithm", "type": "CWE", "cweId": "CWE-303"}]}], "metrics": [{"cvssV3_1": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "CHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "HIGH", "baseScore": 8.6, "baseSeverity": "HIGH"}}], "providerMetadata": {"orgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b", "shortName": "talos", "dateUpdated": "2023-05-10T17:00:05.769Z"}, "references": [{"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2022-1680", "name": "https://talosintelligence.com/vulnerability_reports/TALOS-2022-1680"}, {"url": "https://github.com/weston-embedded/uC-FTPs/pull/1", "name": "https://github.com/weston-embedded/uC-FTPs/pull/1"}], "credits": [{"lang": "en", "value": "Discovered by Kelly Leuschner of Cisco Talos."}]}, "adp": [{"title": "CVE Program Container", "references": [{"url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2022-1680"}, {"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2022-1680", "name": "https://talosintelligence.com/vulnerability_reports/TALOS-2022-1680", "tags": ["x_transferred"]}, {"url": "https://github.com/weston-embedded/uC-FTPs/pull/1", "name": "https://github.com/weston-embedded/uC-FTPs/pull/1", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T12:56:39.171Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2022-41985", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-01-24T18:05:33.183208Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-01-24T18:05:14.573Z"}}]}}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:weston-embedded:uc-ftps:1.98.00:*:*:*:*:*:*:*", "matchCriteriaId": "EBF1C85E-372F-44A2-B440-AC014D4801A3", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "An authentication bypass vulnerability exists in the Authentication functionality of Weston Embedded uC-FTPs v 1.98.00. A specially crafted set of network packets can lead to authentication bypass and denial of service. An attacker can send a sequence of unauthenticated packets to trigger this vulnerability."}], "id": "CVE-2022-41985", "lastModified": "2024-11-21T07:24:13.017", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.6, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 4.0, "source": "talos-cna@cisco.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2023-05-10T16:15:09.400", "references": [{"source": "talos-cna@cisco.com", "tags": ["Patch"], "url": "https://github.com/weston-embedded/uC-FTPs/pull/1"}, {"source": "talos-cna@cisco.com", "tags": ["Exploit", "Third Party Advisory"], "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2022-1680"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://github.com/weston-embedded/uC-FTPs/pull/1"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Third Party Advisory"], "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2022-1680"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2022-1680"}], "sourceIdentifier": "talos-cna@cisco.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-303"}], "source": "talos-cna@cisco.com", "type": "Secondary"}, {"description": [{"lang": "en", "value": "CWE-287"}], "source": "nvd@nist.gov", "type": "Primary"}]}