CVE-2022-22521

Privilege Escalation in Miele Benchmark Programming Tool

CVSS 7.3 HIGHEPSS 0.5%CWE-732

Vexday Risk Score

21Baixo

Decisão SSVC (CISA)

Track

Sem sinal de exploração → monitorar

CVSS 7.3EPSS 0.5%KEV nãoPoC —Nuclei —Metasploit —Patch —

Ciclo de vida

27 abr 2022Publicada no NVD

Recomendação: Monitorar — sem sinal de exploração no momento.

In Miele Benchmark Programming Tool with versions Prior to 1.2.71, executable files manipulated by attackers are unknowingly executed with users privileges. An attacker with low privileges may trick a user with administrative privileges to execute these binaries as admin.

CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H

Produtos afetados

Miele · Benchmark Programming Tool

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →

Referências

http://packetstormsecurity.com/files/166881/Miele-Benchmark-Programming-Tool-1.1.49-1.2.71-Privilege-Escalation.html https://cert.vde.com/en/advisories/VDE-2022-015/http://seclists.org/fulldisclosure/2022/Apr/42 https://www.miele.de/p/miele-benchmark-programming-tool-2296.htm