PT-2022-9293 · Apdu9Xxx+4
Published: 2022-01-28 · Updated: 2022-02-03
CVE-2021-22825
CVSS v3.1: 8.0 (High)
Vector: AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
AP7xxxx and AP8xxx with NMC2 versions 6.9.6 or earlier
AP7xxx and AP8xxx with NMC3 versions 1.1.0.3 or earlier
APDU9xxx with NMC3 versions 1.0.0.28 or earlier
Description
A vulnerability exists that could allow an attacker to access the system with elevated privileges when a privileged account clicks on a malicious URL that compromises the security token.
Recommendations
For AP7xxxx and AP8xxx with NMC2 versions 6.9.6 or earlier, update to a version later than 6.9.6.
For AP7xxx and AP8xxx with NMC3 versions 1.1.0.3 or earlier, update to a version later than 1.1.0.3.
For APDU9xxx with NMC3 versions 1.0.0.28 or earlier, update to a version later than 1.0.0.28.
As a temporary workaround until a patch is available, consider not opening potentially malicious URLs while using a privileged account.
Fix
Information Disclosure
Weakness Enumeration
Related Identifiers
Affected Products
Ap7Xxxx
Ap8Xxx
Apdu9Xxx
Nmc2
Nmc3