CVE-2022-44565

moderate-risk
Published 2022-12-23

An improper access validation vulnerability exists in airMAX AC <8.7.11, airFiber 60/LR <2.6.2, airFiber 60 XG/HD <v1.0.0 and airFiber GBE <1.4.1 that allows a malicious actor to retrieve status and usage data from the UISP device.

Do I need to act?

-
0.20% chance of exploitation
EPSS score — low exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
5
CVSS 5.3/10 Medium
NETWORK / LOW complexity

Affected Products (6)

Airfiber Gigabeam Firmware
Airfiber 60-Xg Firmware
Airfiber 60-Hd Firmware
Airfiber 60-Lr Firmware
Airfiber 60 Firmware

Affected Vendors

Ui

References (2)

Patch https://community.ui.com/releases/Security-Advisory-Bulletin-027-027/123e4577-9f...
Patch https://community.ui.com/releases/Security-Advisory-Bulletin-027-027/123e4577-9f...
35
/ 100
moderate-risk
Severity 21/34 · High
Exploitability 1/34 · Minimal
Exposure 13/34 · Low