Vulnerability Description
Hills ComNav version 3002-19 suffers from a weak communication channel. Traffic across the local network for the configuration pages can be viewed by a malicious actor. The size of certain communications packets are predictable. This would allow an attacker to learn the state of the system if they can observe the traffic. This would be possible even if the traffic were encrypted, e.g., using WPA2, as the packet sizes would remain observable. The communication encryption scheme is theoretically sound, but is not strong enough for the level of protection required.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Carrier | Hills Comnav Firmware | <= 3002-19 |
| Carrier | Hills Comnav | - |
Related Weaknesses (CWE)
References
- https://www.corporate.carrier.com/Images/CARR-PSA-Hills-ComNav-002-1121_tcm558-1Vendor Advisory
- https://www.corporate.carrier.com/Images/CARR-PSA-Hills-ComNav-002-1121_tcm558-1Vendor Advisory
FAQ
What is CVE-2022-1318?
CVE-2022-1318 is a vulnerability with a CVSS score of 6.2 (MEDIUM). Hills ComNav version 3002-19 suffers from a weak communication channel. Traffic across the local network for the configuration pages can be viewed by a malicious actor. The size of certain communicati...
How severe is CVE-2022-1318?
CVE-2022-1318 has been rated MEDIUM with a CVSS base score of 6.2/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2022-1318?
Check the references section above for vendor advisories and patch information. Affected products include: Carrier Hills Comnav Firmware, Carrier Hills Comnav.