PT-2022-24382 · Suprema · Suprema Biostar 2

Published 2022-09-19 · Updated 2025-05-29 · CVE-2022-38351

CVSS v3.1: 8.8
Vector: AC:L/AV:N/A:H/C:H/I:H/PR:L/S:U/UI:N
Name of the Vulnerable Software and Affected Versions: Suprema BioStar (aka Bio Star) 2 version 2.8.16
Description: A vulnerability in the software allows attackers to escalate privileges to System Administrator via a crafted PUT request to the "update profile page" API endpoint. This issue enables attackers to gain elevated access, potentially leading to further malicious activities.
Recommendations: For Suprema BioStar (aka Bio Star) 2 version 2.8.16, as a temporary workaround, consider restricting access to the update profile page until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Weakness Enumeration

Improper Privilege Management

Related Identifiers

CVE-2022-38351

Affected Products

Suprema Biostar 2