CVE-2022-40735
PUBLISHED
CVSS 8.7 HIGH
Multiple vulnerabilities exist in Sophos Unified Threat Management (UTM) Software. They stem from flaws in the "OpenSSL" and "WebAdmin" components and from flaws in the web application firewall (WAF). A remote, authenticated attacker can exploit these vulnerabilities to execute arbitrary code or cause a denial-of-service condition.
EPSS 1.79% · 83.1th percentile
Risk Scores
CVSS 4.0
8.7
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
EPSS Score
1.79%
83.1th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| F5 | F5 BIG-IP | |
| Specification | Specification TLS | |
| Extreme Networks | Extreme Networks HiveOS | <10.8r3 |
| Ubuntu | Ubuntu Linux | |
| SUSE | SUSE Linux | |
| Open Source | Open Source OpenJDK | <=17.0.5 |
| Open Source | Open Source OpenVPN | |
Timeline
- Nov 14, 2022 CVE Published
- Nov 15, 2022 EPSS Score
- Nov 22, 2022 EPSS Score
- Feb 9, 2023 EPSS Score
- Mar 7, 2023 EPSS Score
- May 5, 2023 EPSS Score
- Jun 17, 2023 EPSS Score
- Jul 30, 2023 EPSS Score
- Oct 24, 2023 EPSS Score
- Dec 5, 2023 EPSS Score
- Jan 17, 2024 EPSS Score
- Apr 12, 2024 EPSS Score
References
- https://wid.cert-bund.de/.well-known/csaf/white/2023/wid-sec-w-2023-1886.json advisory
- https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2023-1886 advisory
- https://community.sophos.com/utm-firewall/b/blog/posts/utm-up2date-9-716-released advisory
- https://ubuntu.com/security/notices/USN-6854-1 advisory
- https://wid.cert-bund.de/.well-known/csaf/white/2024/wid-sec-w-2024-3056.json advisory
- https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2024-3056 advisory
- https://nvd.nist.gov/vuln/detail/CVE-2024-41996 advisory
- https://nvd.nist.gov/vuln/detail/CVE-2022-40735 advisory
- https://nvd.nist.gov/vuln/detail/CVE-2002-20001 advisory
- https://dheatattack.gitlab.io/details/ advisory
- https://dheatattack.gitlab.io/faq/ advisory
- https://dheatattack.gitlab.io/mitigations/ advisory
- https://cybersecuritynews.com/dheat-attack/ advisory
- https://lists.suse.com/pipermail/sle-security-updates/2024-October/019541.html advisory
- https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/WX2JI3MUD4LZ3SGGRVYKP45PM2L4E7A2/ advisory
- https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/message/WX2JI3MUD4LZ3SGGRVYKP45PM2L4E7A2/ advisory
- https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/WH2LICAK2VLI5365FJFTS2QU4XOMKFF5/ advisory
- https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/message/WH2LICAK2VLI5365FJFTS2QU4XOMKFF5/ advisory
- https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/message/2YIIP7KVUHLQSOVN6ND3S7Y63XWGGD3T/ advisory
- https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/2YIIP7KVUHLQSOVN6ND3S7Y63XWGGD3T/ advisory
…and 4 more