CVE-2022-36642 — CRITICAL (9.8)

Q: How severe is CVE-2022-36642?

CVE-2022-36642 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.

Q: Is there a patch for CVE-2022-36642?

Check the references section above for vendor advisories and patch information. Affected products include: Telosalliance Omnia Mpx Node Firmware, Telosalliance Omnia Mpx Node.

Vulnerability Description

A local file disclosure vulnerability in /appConfig/userDB.json of Telos Alliance Omnia MPX Node through 1.0.0-1.4.9 allows attackers to access users credentials which makes him able to gain initial access to the control panel with high privilege because the cleartext storage of sensitive information which can be unlatched by exploiting the LFD vulnerability.

CVSS Score

9.8

CRITICAL

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

HIGH

Affected Products

Vendor	Product	Versions
Telosalliance	Omnia Mpx Node Firmware	>= 1.0.0, < 1.5.0
Telosalliance	Omnia Mpx Node	-

Related Weaknesses (CWE)

CWE-862

References

https://cyber-guy.gitbook.io/cyber-guy/pocs/omnia-node-mpx-auth-bypass-via-lfdExploitThird Party Advisory
https://cyber-guy.gitbook.io/cyber-guys-blog/blogs/bypassing-mpx-node-authenticaExploitThird Party Advisory
https://drive.google.com/drive/folders/1jm9h8JNmezTt7AbHYRY7gPC4lXGDNklLExploitThird Party Advisory
https://www.exploit-db.com/exploits/50996ExploitThird Party AdvisoryVDB Entry
https://www.telosalliance.com/radio-processing/audio-interfaces/omnia-mpx-nodeProductVendor Advisory
https://cyber-guy.gitbook.io/cyber-guy/pocs/omnia-node-mpx-auth-bypass-via-lfdExploitThird Party Advisory
https://cyber-guy.gitbook.io/cyber-guys-blog/blogs/bypassing-mpx-node-authenticaExploitThird Party Advisory
https://drive.google.com/drive/folders/1jm9h8JNmezTt7AbHYRY7gPC4lXGDNklLExploitThird Party Advisory
https://www.exploit-db.com/exploits/50996ExploitThird Party AdvisoryVDB Entry
https://www.telosalliance.com/radio-processing/audio-interfaces/omnia-mpx-nodeProductVendor Advisory

FAQ

What is CVE-2022-36642?

CVE-2022-36642 is a vulnerability with a CVSS score of 9.8 (CRITICAL). A local file disclosure vulnerability in /appConfig/userDB.json of Telos Alliance Omnia MPX Node through 1.0.0-1.4.9 allows attackers to access users credentials which makes him able to gain initial a...

How severe is CVE-2022-36642?

CVE-2022-36642 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.

Is there a patch for CVE-2022-36642?

Check the references section above for vendor advisories and patch information. Affected products include: Telosalliance Omnia Mpx Node Firmware, Telosalliance Omnia Mpx Node.