CVE-2022-34906 — HIGH (7.5)

Q: How severe is CVE-2022-34906?

CVE-2022-34906 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2022-34906?

Check the references section above for vendor advisories and patch information. Affected products include: Filewave Filewave.

Vulnerability Description

A hard-coded cryptographic key is used in FileWave before 14.6.3 and 14.7.x before 14.7.2. Exploitation could allow an unauthenticated actor to decrypt sensitive information saved in FileWave, and even send crafted requests.

CVSS Score

7.5

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

NONE

Availability

NONE

Affected Products

Vendor	Product	Versions
Filewave	Filewave	< 14.6.3

Related Weaknesses (CWE)

CWE-798

References

https://claroty.com/2022/07/25/blog-research-with-management-comes-risk-finding-ExploitThird Party Advisory
https://kb.filewave.com/pages/viewpage.action?pageId=55544244Release NotesThird Party Advisory
https://claroty.com/2022/07/25/blog-research-with-management-comes-risk-finding-ExploitThird Party Advisory
https://kb.filewave.com/pages/viewpage.action?pageId=55544244Release NotesThird Party Advisory

FAQ

What is CVE-2022-34906?

CVE-2022-34906 is a vulnerability with a CVSS score of 7.5 (HIGH). A hard-coded cryptographic key is used in FileWave before 14.6.3 and 14.7.x before 14.7.2. Exploitation could allow an unauthenticated actor to decrypt sensitive information saved in FileWave, and eve...

How severe is CVE-2022-34906?

CVE-2022-34906 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2022-34906?

Check the references section above for vendor advisories and patch information. Affected products include: Filewave Filewave.