PT-2022-22393 · Ifm · Ifm Moneo Appliance
Aimon Dawson · Published 2022-12-12 · Updated 2023-03-01
CVE-2022-3485
| CVSS v3.1 | 9.8 Critical |
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
IFM Moneo Appliance versions up to 1.9.3
Description
An unauthenticated remote attacker can reset the administrator password by only supplying the serial number, thus gaining full control of the device.
Recommendations
For versions up to 1.9.3, as a temporary workaround, consider restricting access to the device to minimize the risk of exploitation.
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Weakness Enumeration
Related Identifiers
Affected Products
Ifm Moneo Appliance