PT-2022-23526 · Telos Alliance · Telos Alliance Omnia Mpx Node

Published: 2022-09-02 · Updated: 2022-09-27 · CVE-2022-36642

CVSS v3.1: 9.8 (Critical)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Telos Alliance Omnia MPX Node versions 1.0.0 through 1.5.0+r1

Description

A local file disclosure issue in the /appConfig/userDB.json file allows attackers to access user credentials. Because the sensitive information is stored in cleartext, the disclosed credentials can give an attacker initial access to the control panel with high privileges. This vulnerability can also be exploited to escalate privileges to root and execute arbitrary commands.

Recommendations

For versions 1.0.0 through 1.4.9, update to a version later than 1.4.9 to mitigate the risk of local file disclosure and privilege escalation. For version 1.5.0+r1, consider restricting access to the /appConfig/userDB.json file until a patch is available. As a temporary workaround, consider disabling the use of the /appConfig/userDB.json file to minimize the risk of exploitation.

Exploit

Fix

Weakness Enumeration

Missing Authorization

Related Identifiers

CVE-2022-36642

Affected Products

Telos Alliance Omnia Mpx Node