CVE-2022-43537 — Vulnetix

CVE-2022-43537 PUBLISHED CVSS 9.300000190734863 CRITICAL

In Aruba ClearPass Policy Manager existieren mehrere Schwachstellen. Ein Angreifer kann diese Schwachstellen ausnutzen, um SQL Injection- und Cross Site Scripting Angriffe durchzuführen, Code zur Ausführung zu bringen, seine Rechte zu erweitern oder Informationen offenzulegen. Zur erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder Nutzerinteraktion nötig.

EPSS 0.53% · 67.4th percentile

Risk Scores

CVSS 4.0

9.300000190734863

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N

EPSS Score

0.53%

67.4th percentile

Exploit Intelligence

POC for Testing the Existence of D(HE)at DOS Attack for (CVE-2002-20001) (github-poc)
POC for Testing the Existence of D(HE)at DOS Attack for (CVE-2002-20001) (github-poc)
POC for Testing the Existence of D(HE)at DOS Attack for (CVE-2002-20001) (github-poc)
POC for Testing the Existence of D(HE)at DOS Attack for (CVE-2002-20001) (github-poc)
POC for Testing the Existence of D(HE)at DOS Attack for (CVE-2002-20001) (github-poc)
D(HE)ater is a proof of concept implementation of the D(HE)at attack (CVE-2002-20001) through which denial-of-service can be performed by enforcing the Diffie-Hellman key exchange. (read-only clone of the original GitLab project) (github-poc)
D(HE)ater is a proof of concept implementation of the D(HE)at attack (CVE-2002-20001) through which denial-of-service can be performed by enforcing the Diffie-Hellman key exchange. (read-only clone of the original GitLab project) (github-poc)
D(HE)ater is a proof of concept implementation of the D(HE)at attack (CVE-2002-20001) through which denial-of-service can be performed by enforcing the Diffie-Hellman key exchange. (read-only clone of the original GitLab project) (github-poc)
D(HE)ater is a proof of concept implementation of the D(HE)at attack (CVE-2002-20001) through which denial-of-service can be performed by enforcing the Diffie-Hellman key exchange. (read-only clone of the original GitLab project) (github-poc)
D(HE)ater is a proof of concept implementation of the D(HE)at attack (CVE-2002-20001) through which denial-of-service can be performed by enforcing the Diffie-Hellman key exchange. (read-only clone of the original GitLab project) (github-poc)

Timeline

Dec 6, 2022 CVE Published
Jan 4, 2023 EPSS Score
Jan 11, 2023 CVE Updated
Feb 14, 2023 EPSS Score
Mar 7, 2023 EPSS Score
Mar 27, 2023 EPSS Score
May 7, 2023 EPSS Score
Jun 17, 2023 EPSS Score
Jul 29, 2023 EPSS Score
Sep 8, 2023 EPSS Score
Oct 19, 2023 EPSS Score
Nov 29, 2023 EPSS Score

References

https://wid.cert-bund.de/.well-known/csaf/white/2022/wid-sec-w-2022-2251.json advisory
https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2022-2251 advisory
https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2022-020.txt advisory

Open in Interactive Console →