CVE-2022-45938

moderate-risk
Published 2023-06-02

An issue was discovered in Comcast Defined Technologies microeisbss through 2021. An attacker can inject a stored XSS payload in the Device ID field under Inventory Management to achieve Remote Code Execution and privilege escalation..

Do I need to act?

!
21.1% chance of exploitation in next 30 days
EPSS score — higher than 79% of all CVEs
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
9
CVSS 9.0/10 Critical
NETWORK / LOW complexity

Affected Products (1)

Affected Vendors

Xfinity

References (4)

Not Applicable https://my.xfinity.com/vulnerabilityreport
Exploit https://pensecure.medium.com/cve-2022-45938-f4c0d441da6f
Not Applicable https://my.xfinity.com/vulnerabilityreport
Exploit https://pensecure.medium.com/cve-2022-45938-f4c0d441da6f
49
/ 100
moderate-risk
Severity 30/34 · Critical
Exploitability 14/34 · Moderate
Exposure 5/34 · Minimal