CVE-2022-45778 - Vulnerability Details - OpenCVE

https://www.hillstonenet.com.cn/ Hillstone Firewall SG-6000 <= 5.0.4.0 is vulnerable to Incorrect Access Control. There is a permission bypass vulnerability in the Hillstone WEB application firewall. An attacker can enter the background of the firewall with super administrator privileges through a configuration error in report.m.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation none

Automatable yes

Technical Impact total

Vendors	Products
Hillstonenet	Sc-6000-wv02 Sc-6000-wv02 Firmware Sc-6000-wv04 Sc-6000-wv04 Firmware Sc-6000-wv08 Sc-6000-wv08 Firmware Sc-6000-wv12 Sc-6000-wv12 Firmware

Configuration 1 [-]

AND

cpe:2.3:o:hillstonenet:sc-6000-wv02_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:hillstonenet:sc-6000-wv02:-:*:*:*:*:*:*:*

Configuration 2 [-]

AND

cpe:2.3:o:hillstonenet:sc-6000-wv04_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:hillstonenet:sc-6000-wv04:-:*:*:*:*:*:*:*

Configuration 3 [-]

AND

cpe:2.3:o:hillstonenet:sc-6000-wv08_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:hillstonenet:sc-6000-wv08:-:*:*:*:*:*:*:*

Configuration 4 [-]

AND

cpe:2.3:o:hillstonenet:sc-6000-wv12_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:hillstonenet:sc-6000-wv12:-:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://gist.github.com/yinfei6/6ffff06db3f7d4c24de2f784c0db10df

History

Mon, 14 Apr 2025 13:15:00 +0000

Type	Values Removed	Values Added
Weaknesses		CWE-284
Metrics		ssvc `{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}`

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2022-12-27T00:00:00.000Z

Updated: 2025-04-14T12:56:50.618Z

Reserved: 2022-11-21T00:00:00.000Z

Link: CVE-2022-45778

Vulnrichment

Updated: 2024-08-03T14:17:04.170Z

NVD

Status : Modified

Published: 2022-12-27T22:15:14.880

Modified: 2025-04-14T13:15:16.370

Link: CVE-2022-45778

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2022-45778", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "dateUpdated": "2025-04-14T12:56:50.618Z", "dateReserved": "2022-11-21T00:00:00.000Z", "datePublished": "2022-12-27T00:00:00.000Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2022-12-27T00:00:00.000Z"}, "descriptions": [{"lang": "en", "value": "https://www.hillstonenet.com.cn/ Hillstone Firewall SG-6000 <= 5.0.4.0 is vulnerable to Incorrect Access Control. There is a permission bypass vulnerability in the Hillstone WEB application firewall. An attacker can enter the background of the firewall with super administrator privileges through a configuration error in report.m."}], "affected": [{"vendor": "n/a", "product": "n/a", "versions": [{"version": "n/a", "status": "affected"}]}], "references": [{"url": "https://gist.github.com/yinfei6/6ffff06db3f7d4c24de2f784c0db10df"}], "problemTypes": [{"descriptions": [{"type": "text", "lang": "en", "description": "n/a"}]}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T14:17:04.170Z"}, "title": "CVE Program Container", "references": [{"url": "https://gist.github.com/yinfei6/6ffff06db3f7d4c24de2f784c0db10df", "tags": ["x_transferred"]}]}, {"problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-284", "lang": "en", "description": "CWE-284 Improper Access Control"}]}], "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"timestamp": "2025-04-14T12:56:45.970424Z", "id": "CVE-2022-45778", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-04-14T12:56:50.618Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://gist.github.com/yinfei6/6ffff06db3f7d4c24de2f784c0db10df", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T14:17:04.170Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2022-45778", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2025-04-14T12:56:45.970424Z"}}}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-284", "description": "CWE-284 Improper Access Control"}]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-04-14T12:56:38.491Z"}}], "cna": {"affected": [{"vendor": "n/a", "product": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "references": [{"url": "https://gist.github.com/yinfei6/6ffff06db3f7d4c24de2f784c0db10df"}], "descriptions": [{"lang": "en", "value": "https://www.hillstonenet.com.cn/ Hillstone Firewall SG-6000 <= 5.0.4.0 is vulnerable to Incorrect Access Control. There is a permission bypass vulnerability in the Hillstone WEB application firewall. An attacker can enter the background of the firewall with super administrator privileges through a configuration error in report.m."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "text", "description": "n/a"}]}], "providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2022-12-27T00:00:00.000Z"}}}, "cveMetadata": {"cveId": "CVE-2022-45778", "state": "PUBLISHED", "dateUpdated": "2025-04-14T12:56:50.618Z", "dateReserved": "2022-11-21T00:00:00.000Z", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "datePublished": "2022-12-27T00:00:00.000Z", "assignerShortName": "mitre"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:hillstonenet:sc-6000-wv02_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "C8AFFD44-DC56-4807-809F-1C87986DB9B3", "versionEndIncluding": "5.0.4.0", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:hillstonenet:sc-6000-wv02:-:*:*:*:*:*:*:*", "matchCriteriaId": "3D17353A-7A6C-4AA2-8B72-63DA5A8F3DFD", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:hillstonenet:sc-6000-wv04_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "CE5501A2-FC15-4B25-8D7C-750D935410B2", "versionEndIncluding": "5.0.4.0", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:hillstonenet:sc-6000-wv04:-:*:*:*:*:*:*:*", "matchCriteriaId": "08DE2243-8111-4E8B-8A7A-F6D74C41C99A", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:hillstonenet:sc-6000-wv08_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "AFEDD085-0FBD-4947-99F6-3CD5448AEC06", "versionEndIncluding": "5.0.4.0", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:hillstonenet:sc-6000-wv08:-:*:*:*:*:*:*:*", "matchCriteriaId": "6F275043-11DA-4065-B1D6-A91526F38748", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:hillstonenet:sc-6000-wv12_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "4F1A59B9-8C07-4D7A-AB11-A72A2E173C22", "versionEndIncluding": "5.0.4.0", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:hillstonenet:sc-6000-wv12:-:*:*:*:*:*:*:*", "matchCriteriaId": "06E3EC96-B253-4310-9E75-93AC09BCCE48", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "https://www.hillstonenet.com.cn/ Hillstone Firewall SG-6000 <= 5.0.4.0 is vulnerable to Incorrect Access Control. There is a permission bypass vulnerability in the Hillstone WEB application firewall. An attacker can enter the background of the firewall with super administrator privileges through a configuration error in report.m."}, {"lang": "es", "value": "https://www.hillstonenet.com.cn/ Hillstone Firewall SG-6000 <= 5.0.4.0 es vulnerable a un control de acceso incorrecto. Existe una vulnerabilidad de omisi\u00f3n de permisos en el firewall de la aplicaci\u00f3n WEB de Hillstone. Un atacante puede ingresar al fondo del firewall con privilegios de superadministrador a trav\u00e9s de un error de configuraci\u00f3n en report.m."}], "id": "CVE-2022-45778", "lastModified": "2025-04-14T13:15:16.370", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2022-12-27T22:15:14.880", "references": [{"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://gist.github.com/yinfei6/6ffff06db3f7d4c24de2f784c0db10df"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://gist.github.com/yinfei6/6ffff06db3f7d4c24de2f784c0db10df"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-284"}], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}