CRITICAL · 9.1

CVE-2022-38168

Vulnerability Description

Broken Access Control in User Authentication in Avaya Scopia Pathfinder 10 and 20 PTS version 8.3.7.0.4 allows remote unauthenticated attackers to bypass the login page, access sensitive information, and reset user passwords via URL modification.

CVSS Score

9.1 (CRITICAL)

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality: HIGH
Integrity: HIGH
Availability: NONE

Affected Products

| Vendor | Product | Versions |
| --- | --- | --- |
| Avaya | Scopia Pathfinder 10 Pts Firmware | 8.3.7.0.4 |
| Avaya | Scopia Pathfinder 10 Pts | - |
| Avaya | Scopia Pathfinder 20 Pts Firmware | 8.3.7.0.4 |
| Avaya | Scopia Pathfinder 20 Pts | - |

Related Weaknesses (CWE)

References

FAQ

What is CVE-2022-38168?

CVE-2022-38168 is a vulnerability with a CVSS score of 9.1 (CRITICAL). Broken Access Control in User Authentication in Avaya Scopia Pathfinder 10 and 20 PTS version 8.3.7.0.4 allows remote unauthenticated attackers to bypass the login page, access sensitive information, ...

How severe is CVE-2022-38168?

CVE-2022-38168 has been rated CRITICAL with a CVSS base score of 9.1/10. This is considered a critical vulnerability requiring immediate attention.

Is there a patch for CVE-2022-38168?

Check the references section above for vendor advisories and patch information. Affected products include: Avaya Scopia Pathfinder 10 Pts Firmware, Avaya Scopia Pathfinder 10 Pts, Avaya Scopia Pathfinder 20 Pts Firmware, Avaya Scopia Pathfinder 20 Pts.