CVE-2022-1400 — HIGH (7.1) — White Hats Nepal

Q: How severe is CVE-2022-1400?

CVE-2022-1400 has been rated HIGH with a CVSS base score of 7.1/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2022-1400?

Check the references section above for vendor advisories and patch information. Affected products include: Device42 Cmdb.

Vulnerability Description

Use of Hard-coded Cryptographic Key vulnerability in the WebReportsApi.dll of Exago Web Reports, as used in the Device42 Asset Management Appliance, allows an attacker to leak session IDs and elevate privileges. This issue affects: Device42 CMDB versions prior to 18.01.00.

CVSS Score

7.1

HIGH

CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:L

Attack Vector

ADJACENT_NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

LOW

Affected Products

Vendor	Product	Versions
Device42	Cmdb	< 18.01.00

Related Weaknesses (CWE)

CWE-321 CWE-798

References

https://www.bitdefender.com/blog/labs/a-red-team-perspective-on-the-device42-assThird Party Advisory
https://www.bitdefender.com/blog/labs/a-red-team-perspective-on-the-device42-assThird Party Advisory

FAQ

What is CVE-2022-1400?

CVE-2022-1400 is a vulnerability with a CVSS score of 7.1 (HIGH). Use of Hard-coded Cryptographic Key vulnerability in the WebReportsApi.dll of Exago Web Reports, as used in the Device42 Asset Management Appliance, allows an attacker to leak session IDs and elevate ...

How severe is CVE-2022-1400?

CVE-2022-1400 has been rated HIGH with a CVSS base score of 7.1/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2022-1400?

Check the references section above for vendor advisories and patch information. Affected products include: Device42 Cmdb.