PT-2022-21809 · Unknown · Cid Manager

Published

2022-07-11

Updated

2022-07-15

CVE-2022-33693

CVSS v3.1

2.3

Low

Vector

AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N

Name of the Vulnerable Software and Affected Versions CID Manager versions prior to SMR Jul-2022 Release 1

Description The issue allows a local attacker to access sensitive information, specifically the iccid, via log exposure in the CID Manager. This could potentially lead to unauthorized access to sensitive data.

Recommendations For versions prior to SMR Jul-2022 Release 1, update to SMR Jul-2022 Release 1 or later to resolve the issue. As a temporary workaround, consider restricting access to the log files to minimize the risk of exploitation.

Fix

Information Disclosure

Insertion into Log File

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-200CWE-532

Related Identifiers

CVE-2022-33693

Affected Products

Cid Manager

PT-2022-21809 · Unknown · Cid Manager

CVE-2022-33693

Weakness Enumeration

Related Identifiers

Affected Products

References · 4