CVE-2022-43308

moderate-risk
Published 2022-11-18

INTELBRAS SG 2404 MR 20180928-rel64938 allows authenticated attackers to arbitrarily create Administrator accounts via crafted user cookies.

Do I need to act?

-
0.04% chance of exploitation
EPSS score — low exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
7
CVSS 7.8/10 High
LOCAL / LOW complexity

Affected Products (2)

Sg 2404 Poe Firmware

Affected Vendors

Intelbras

References (4)

Exploit https://github.com/vitorespf/Advisories/blob/master/Intelbras-switch.txt
Product https://www.intelbras.com/pt-br/switch-gerenciavel-24-portas-poe-gigabit-etherne...
Exploit https://github.com/vitorespf/Advisories/blob/master/Intelbras-switch.txt
Product https://www.intelbras.com/pt-br/switch-gerenciavel-24-portas-poe-gigabit-etherne...
31
/ 100
moderate-risk
Severity 24/34 · High
Exploitability 0/34 · Minimal
Exposure 7/34 · Low