CVE-2022-22521

Privilege Escalation in Miele Benchmark Programming Tool

CVSS 7.3 HIGHEPSS 0.5%CWE-732

Vexday Risk Score

21Bajo

Decisión SSVC (CISA)

Track

Sin señal de explotación → monitorear

CVSS 7.3EPSS 0.5%KEV nãoPoC —Nuclei —Metasploit —Patch —

Ciclo de vida

27 abr 2022Publicada en NVD

Recomendación: Monitorear — sin señal de explotación por ahora.

In Miele Benchmark Programming Tool with versions Prior to 1.2.71, executable files manipulated by attackers are unknowingly executed with users privileges. An attacker with low privileges may trick a user with administrative privileges to execute these binaries as admin.

CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H

Productos afectados

Miele · Benchmark Programming Tool

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →

Referencias

http://packetstormsecurity.com/files/166881/Miele-Benchmark-Programming-Tool-1.1.49-1.2.71-Privilege-Escalation.html https://cert.vde.com/en/advisories/VDE-2022-015/http://seclists.org/fulldisclosure/2022/Apr/42 https://www.miele.de/p/miele-benchmark-programming-tool-2296.htm