CWE-1188
AllowedInitialization of a Resource with an Insecure Default
Abstraction: Base · Status: Incomplete
The product initializes or sets a resource with a default that is intended to be changed by the product's installer, administrator, or maintainer, but the default is not secure.
402 vulnerabilities reference this CWE, most recent first.
GHSA-3X4G-4374-V83H
Vulnerability from github – Published: 2024-09-13 21:31 – Updated: 2024-09-16 18:31there is a possible arbitrary read due to an insecure default value. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.
{
"affected": [],
"aliases": [
"CVE-2024-44096"
],
"database_specific": {
"cwe_ids": [
"CWE-1188",
"CWE-453"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-09-13T21:15:10Z",
"severity": "MODERATE"
},
"details": "there is a possible arbitrary read due to an insecure default value. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.",
"id": "GHSA-3x4g-4374-v83h",
"modified": "2024-09-16T18:31:21Z",
"published": "2024-09-13T21:31:22Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-44096"
},
{
"type": "WEB",
"url": "https://source.android.com/security/bulletin/pixel/2024-09-01"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-46RQ-Q996-RXC2
Vulnerability from github – Published: 2024-03-01 12:30 – Updated: 2024-11-04 21:30Initialization of a resource with an insecure default vulnerability in OET-213H-BTS1 sold in Japan by Atsumi Electric Co., Ltd. allows a network-adjacent unauthenticated attacker to configure and control the affected product.
{
"affected": [],
"aliases": [
"CVE-2024-25972"
],
"database_specific": {
"cwe_ids": [
"CWE-1188"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-03-01T10:15:07Z",
"severity": "HIGH"
},
"details": "Initialization of a resource with an insecure default vulnerability in OET-213H-BTS1 sold in Japan by Atsumi Electric Co., Ltd. allows a network-adjacent unauthenticated attacker to configure and control the affected product.",
"id": "GHSA-46rq-q996-rxc2",
"modified": "2024-11-04T21:30:26Z",
"published": "2024-03-01T12:30:53Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-25972"
},
{
"type": "WEB",
"url": "https://jvn.jp/en/jp/JVN77203800"
},
{
"type": "WEB",
"url": "https://www.atsumi.co.jp/info-20240229.html"
},
{
"type": "WEB",
"url": "https://www.atsumi.co.jp/pdf/oet-213h-bts1.pdf"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L",
"type": "CVSS_V3"
}
]
}
GHSA-4F33-3H34-C9HP
Vulnerability from github – Published: 2022-05-13 01:52 – Updated: 2022-05-13 01:52In Android before security patch level 2018-04-05 on Qualcomm Snapdragon Mobile and Snapdragon Wear MDM9206, MDM9607, MDM9635M, MDM9650, MDM9655, SD 210/SD 212/SD 205, SD 410/12, SD 425, SD 427, SD 430, SD 435, SD 450, SD 615/16/SD 415, SD 625, SD 650/52, SD 820, SD 835, SD 845, SDM630, SDM636, SDM660, Snapdragon_High_Med_2016, the default build configuration of deviceprogrammer in BOOT.BF.3.0 enables the flag SKIP_SECBOOT_CHECK_NOT_RECOMMENDED_BY_QUALCOMM which will open up the peek and poke commands to any memory location on the target.
{
"affected": [],
"aliases": [
"CVE-2018-3591"
],
"database_specific": {
"cwe_ids": [
"CWE-1188"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2018-04-11T15:29:00Z",
"severity": "CRITICAL"
},
"details": "In Android before security patch level 2018-04-05 on Qualcomm Snapdragon Mobile and Snapdragon Wear MDM9206, MDM9607, MDM9635M, MDM9650, MDM9655, SD 210/SD 212/SD 205, SD 410/12, SD 425, SD 427, SD 430, SD 435, SD 450, SD 615/16/SD 415, SD 625, SD 650/52, SD 820, SD 835, SD 845, SDM630, SDM636, SDM660, Snapdragon_High_Med_2016, the default build configuration of deviceprogrammer in BOOT.BF.3.0 enables the flag SKIP_SECBOOT_CHECK_NOT_RECOMMENDED_BY_QUALCOMM which will open up the peek and poke commands to any memory location on the target.",
"id": "GHSA-4f33-3h34-c9hp",
"modified": "2022-05-13T01:52:33Z",
"published": "2022-05-13T01:52:33Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-3591"
},
{
"type": "WEB",
"url": "https://source.android.com/security/bulletin/2018-04-01"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/103671"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-4GCV-68WG-8J74
Vulnerability from github – Published: 2025-07-21 18:32 – Updated: 2025-08-07 15:33In TRENDnet TEW-WLC100P 2.03b03, the i_dont_care_about_security_and_use_aggressive_mode_psk option is enabled in the strongSwan configuration file, so that IKE Responders are allowed to use IKEv1 Aggressive Mode with Pre-Shared Keys to conduct offline attacks on the openly transmitted hash of the PSK.
{
"affected": [],
"aliases": [
"CVE-2025-44647"
],
"database_specific": {
"cwe_ids": [
"CWE-1188"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-07-21T16:15:28Z",
"severity": "HIGH"
},
"details": "In TRENDnet TEW-WLC100P 2.03b03, the i_dont_care_about_security_and_use_aggressive_mode_psk option is enabled in the strongSwan configuration file, so that IKE Responders are allowed to use IKEv1 Aggressive Mode with Pre-Shared Keys to conduct offline attacks on the openly transmitted hash of the PSK.",
"id": "GHSA-4gcv-68wg-8j74",
"modified": "2025-08-07T15:33:08Z",
"published": "2025-07-21T18:32:15Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-44647"
},
{
"type": "WEB",
"url": "https://gist.github.com/TPCchecker/18c32439ed13feaed99f8229d1749892"
},
{
"type": "WEB",
"url": "https://www.notion.so/CVE-2025-44647-24754a1113e780b0a130d4439861bf3c"
},
{
"type": "WEB",
"url": "http://tew-wlc100p.com"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"type": "CVSS_V3"
}
]
}
GHSA-4GVJ-3C7W-RV98
Vulnerability from github – Published: 2026-02-17 18:32 – Updated: 2026-02-17 18:32A vulnerability was found in Beetel 777VR1 up to 01.00.09. This affects an unknown function of the component Telnet Service/SSH Service. The manipulation results in insecure default initialization of resource. The attack can only be performed from the local network. The exploit has been made public and could be used. The vendor was contacted early about this disclosure but did not respond in any way.
{
"affected": [],
"aliases": [
"CVE-2026-2617"
],
"database_specific": {
"cwe_ids": [
"CWE-1188"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-02-17T16:20:29Z",
"severity": "MODERATE"
},
"details": "A vulnerability was found in Beetel 777VR1 up to 01.00.09. This affects an unknown function of the component Telnet Service/SSH Service. The manipulation results in insecure default initialization of resource. The attack can only be performed from the local network. The exploit has been made public and could be used. The vendor was contacted early about this disclosure but did not respond in any way.",
"id": "GHSA-4gvj-3c7w-rv98",
"modified": "2026-02-17T18:32:57Z",
"published": "2026-02-17T18:32:57Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-2617"
},
{
"type": "WEB",
"url": "https://gist.github.com/raghav20232023/39e3d88d1bc2bcef89bb0f3b5fbb73e0"
},
{
"type": "WEB",
"url": "https://gist.github.com/raghav20232023/39e3d88d1bc2bcef89bb0f3b5fbb73e0#proofsteps-to-reproduce"
},
{
"type": "WEB",
"url": "https://vuldb.com/?ctiid.346267"
},
{
"type": "WEB",
"url": "https://vuldb.com/?id.346267"
},
{
"type": "WEB",
"url": "https://vuldb.com/?submit.751436"
},
{
"type": "WEB",
"url": "https://vuldb.com/?submit.751568"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"type": "CVSS_V4"
}
]
}
GHSA-4H9W-7VFP-PX8M
Vulnerability from github – Published: 2025-04-09 13:53 – Updated: 2025-09-10 21:09Impact
Currently the default settings for double-opt-in allow for mass unsolicited newsletter sign-ups without confirmation.
Default settings are:
Newsletter: Double Opt-in - active
Newsletter: Double opt-in for registered customers - disabled
Log-in & sign-up: Double opt-in on sign-up - disabled
With these settings, anyone can register an account on the shop using any e-mail-address and then check the check-box in the account page to sign up for the newsletter. The recipient will receive two mails confirming registering and signing up for the newsletter, no confirmation link needed to be clicked for either. In the backend the recipient is set to “instantly active”.
Patches
Update to Shopware 6.6.10.3 or 6.5.8.17
Workarounds
For older versions of 6.4, corresponding security measures are also available via a plugin. For the full range of functions, we recommend updating to the latest Shopware version.
{
"affected": [
{
"package": {
"ecosystem": "Packagist",
"name": "shopware/core"
},
"ranges": [
{
"events": [
{
"introduced": "6.6.0.0-rc1"
},
{
"fixed": "6.6.10.3"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "Packagist",
"name": "shopware/platform"
},
"ranges": [
{
"events": [
{
"introduced": "6.6.0.0-rc1"
},
{
"fixed": "6.6.10.3"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "Packagist",
"name": "shopware/platform"
},
"ranges": [
{
"events": [
{
"introduced": "6.7.0.0-rc1"
},
{
"fixed": "6.7.0.0-rc2"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "Packagist",
"name": "shopware/core"
},
"ranges": [
{
"events": [
{
"introduced": "6.7.0.0-rc1"
},
{
"fixed": "6.7.0.0-rc2"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "Packagist",
"name": "shopware/core"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "6.5.8.17"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "Packagist",
"name": "shopware/platform"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "6.5.8.17"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2025-32378"
],
"database_specific": {
"cwe_ids": [
"CWE-1188",
"CWE-799"
],
"github_reviewed": true,
"github_reviewed_at": "2025-04-09T13:53:11Z",
"nvd_published_at": "2025-04-09T16:15:25Z",
"severity": "LOW"
},
"details": "### Impact\n\nCurrently the default settings for double-opt-in allow for mass unsolicited newsletter sign-ups without confirmation.\n\nDefault settings are:\n\nNewsletter: Double Opt-in - active\n\nNewsletter: Double opt-in for registered customers - disabled\n\nLog-in \u0026 sign-up: Double opt-in on sign-up - disabled\n\nWith these settings, anyone can register an account on the shop using any e-mail-address and then check the check-box in the account page to sign up for the newsletter. The recipient will receive two mails confirming registering and signing up for the newsletter, no confirmation link needed to be clicked for either. In the backend the recipient is set to \u201cinstantly active\u201d.\n\n### Patches\nUpdate to Shopware 6.6.10.3 or 6.5.8.17\n\n### Workarounds\nFor older versions of 6.4, corresponding security measures are also available via a plugin. For the full range of functions, we recommend updating to the latest Shopware version.",
"id": "GHSA-4h9w-7vfp-px8m",
"modified": "2025-09-10T21:09:57Z",
"published": "2025-04-09T13:53:11Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/shopware/shopware/security/advisories/GHSA-4h9w-7vfp-px8m"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-32378"
},
{
"type": "PACKAGE",
"url": "https://github.com/shopware/shopware"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:N/SI:L/SA:N/E:U",
"type": "CVSS_V4"
}
],
"summary": "Shopware default newsletter opt-in settings allow for mass sign-up abuse"
}
GHSA-4HXW-GC2Q-F6F3
Vulnerability from github – Published: 2024-11-07 16:14 – Updated: 2026-06-08 20:07All Filament features that interact with storage use the default_filesystem_disk config option. This allows the user to easily swap their storage driver to something production-ready like s3 when deploying their app, without having to touch multiple configuration options and potentially forgetting about some.
The default disk is set to public when you first install Filament, since this allows users to quickly get started developing with a functional disk that allows features such as file upload previews locally without the need to set up an S3 disk with temporary URL support.
However, some features of Filament such as exports also rely on storage, and the files that are stored contain data that should often not be public. This is not an issue for the many deployed applications, since many use a secure default disk such as S3 in production. However, CWE-1188 suggests that having the public disk as the default disk in Filament is a security vulnerability itself:
Developers often choose default values that leave the product as open and easy to use as possible out-of-the-box, under the assumption that the administrator can (or should) change the default value. However, this ease-of-use comes at a cost when the default is insecure and the administrator does not change it.
As such, we have implemented a measure to protect users whereby if the public disk is set as the default disk, the exports feature will automatically swap it out for the local disk, if that exists. Users who set the default disk to local or s3 already are not affected. If a user wants to continue to use the public disk for exports, they can by setting the export disk deliberately.
{
"affected": [
{
"package": {
"ecosystem": "Packagist",
"name": "filament/actions"
},
"ranges": [
{
"events": [
{
"introduced": "3.2.0"
},
{
"fixed": "3.2.123"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2024-51758"
],
"database_specific": {
"cwe_ids": [
"CWE-1188"
],
"github_reviewed": true,
"github_reviewed_at": "2024-11-07T16:14:13Z",
"nvd_published_at": "2024-11-07T18:15:17Z",
"severity": "LOW"
},
"details": "All Filament features that interact with storage use the `default_filesystem_disk` config option. This allows the user to easily swap their storage driver to something production-ready like `s3` when deploying their app, without having to touch multiple configuration options and potentially forgetting about some.\n\nThe default disk is set to `public` when you first install Filament, since this allows users to quickly get started developing with a functional disk that allows features such as file upload previews locally without the need to set up an S3 disk with temporary URL support.\n\nHowever, some features of Filament such as exports also rely on storage, and the files that are stored contain data that should often not be public. This is not an issue for the many deployed applications, since many use a secure default disk such as S3 in production. However, [CWE-1188](https://cwe.mitre.org/data/definitions/1188.html) suggests that having the `public` disk as the default disk in Filament is a security vulnerability itself:\n\n\u003e Developers often choose default values that leave the product as open and easy to use as possible out-of-the-box, under the assumption that the administrator can (or should) change the default value. However, this ease-of-use comes at a cost when the default is insecure and the administrator does not change it.\n\nAs such, we have implemented a measure to protect users whereby if the `public` disk is set as the default disk, the exports feature will automatically swap it out for the `local` disk, if that exists. Users who set the default disk to `local` or `s3` already are not affected. If a user wants to continue to use the `public` disk for exports, they can by [setting the export disk](https://filamentphp.com/docs/3.x/actions/prebuilt-actions/export#customizing-the-storage-disk) deliberately.",
"id": "GHSA-4hxw-gc2q-f6f3",
"modified": "2026-06-08T20:07:05Z",
"published": "2024-11-07T16:14:13Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/filamentphp/filament/security/advisories/GHSA-4hxw-gc2q-f6f3"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-51758"
},
{
"type": "WEB",
"url": "https://github.com/filamentphp/filament/commit/19f5347f0e17d9f4eb515e24ea5632031c6829df"
},
{
"type": "WEB",
"url": "https://filamentphp.com/docs/3.x/actions/prebuilt-actions/export#customizing-the-storage-disk"
},
{
"type": "PACKAGE",
"url": "https://github.com/filamentphp/filament"
},
{
"type": "WEB",
"url": "https://github.com/filamentphp/filament/blob/3.x/packages/actions/src/Exports/Exporter.php#L144-L153"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:N/A:N",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:L/VI:N/VA:N/SC:L/SI:N/SA:N",
"type": "CVSS_V4"
}
],
"summary": "Filament has exported files stored in default (`public`) filesystem if not reconfigured"
}
GHSA-4J6G-C863-PF6H
Vulnerability from github – Published: 2022-05-13 01:50 – Updated: 2022-05-13 01:50Router Default Credentials in Kraftway 24F2XG Router firmware version 3.5.30.1118 allow remote attackers to get privileged access to the router.
{
"affected": [],
"aliases": [
"CVE-2018-15350"
],
"database_specific": {
"cwe_ids": [
"CWE-1188"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2018-08-17T14:29:00Z",
"severity": "CRITICAL"
},
"details": "Router Default Credentials in Kraftway 24F2XG Router firmware version 3.5.30.1118 allow remote attackers to get privileged access to the router.",
"id": "GHSA-4j6g-c863-pf6h",
"modified": "2022-05-13T01:50:06Z",
"published": "2022-05-13T01:50:06Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-15350"
},
{
"type": "WEB",
"url": "https://ics-cert.kaspersky.com/advisories/klcert-advisories/2018/08/17/klcert-18-006-kraftway-24f2xg-router-default-credentials"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-4MH9-2PMQ-746J
Vulnerability from github – Published: 2022-05-13 01:17 – Updated: 2022-05-13 01:17A vulnerability in Cisco Meeting Server (CMS) could allow an unauthenticated, adjacent attacker to access services running on internal device interfaces of an affected system. The vulnerability is due to incorrect default configuration of the device, which can expose internal interfaces and ports on the external interface of the system. A successful exploit could allow the attacker to gain unauthenticated access to configuration and database files and sensitive meeting information on an affected system. This vulnerability affects Cisco Meeting Server (CMS) 2000 Platforms that are running a CMS Software release prior to Release 2.2.13 or Release 2.3.4. Cisco Bug IDs: CSCvg76471.
{
"affected": [],
"aliases": [
"CVE-2018-0263"
],
"database_specific": {
"cwe_ids": [
"CWE-1188"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2018-06-07T12:29:00Z",
"severity": "HIGH"
},
"details": "A vulnerability in Cisco Meeting Server (CMS) could allow an unauthenticated, adjacent attacker to access services running on internal device interfaces of an affected system. The vulnerability is due to incorrect default configuration of the device, which can expose internal interfaces and ports on the external interface of the system. A successful exploit could allow the attacker to gain unauthenticated access to configuration and database files and sensitive meeting information on an affected system. This vulnerability affects Cisco Meeting Server (CMS) 2000 Platforms that are running a CMS Software release prior to Release 2.2.13 or Release 2.3.4. Cisco Bug IDs: CSCvg76471.",
"id": "GHSA-4mh9-2pmq-746j",
"modified": "2022-05-13T01:17:37Z",
"published": "2022-05-13T01:17:37Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-0263"
},
{
"type": "WEB",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180606-cms-id"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/104419"
},
{
"type": "WEB",
"url": "http://www.securitytracker.com/id/1041065"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-4PMM-C3GR-WWJ8
Vulnerability from github – Published: 2022-08-23 00:00 – Updated: 2022-08-25 00:00Dell PowerScale OneFS, versions 9.0.0, up to and including 9.1.0.19, 9.2.1.12, 9.3.0.6, and 9.4.0.2, contain an insecure default initialization of a resource vulnerability. A remote authenticated attacker may potentially exploit this vulnerability, leading to information disclosure.
{
"affected": [],
"aliases": [
"CVE-2022-32480"
],
"database_specific": {
"cwe_ids": [
"CWE-1188"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-08-22T17:15:00Z",
"severity": "MODERATE"
},
"details": "Dell PowerScale OneFS, versions 9.0.0, up to and including 9.1.0.19, 9.2.1.12, 9.3.0.6, and 9.4.0.2, contain an insecure default initialization of a resource vulnerability. A remote authenticated attacker may potentially exploit this vulnerability, leading to information disclosure.",
"id": "GHSA-4pmm-c3gr-wwj8",
"modified": "2022-08-25T00:00:28Z",
"published": "2022-08-23T00:00:16Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-32480"
},
{
"type": "WEB",
"url": "https://www.dell.com/support/kbdoc/en-us/000201094/dsa-2022-149-dell-emc-powerscale-onefs-security-update?lang=en"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
No mitigation information available for this CWE.
CAPEC-665: Exploitation of Thunderbolt Protection Flaws
An adversary leverages a firmware weakness within the Thunderbolt protocol, on a computing device to manipulate Thunderbolt controller firmware in order to exploit vulnerabilities in the implementation of authorization and verification schemes within Thunderbolt protection mechanisms. Upon gaining physical access to a target device, the adversary conducts high-level firmware manipulation of the victim Thunderbolt controller SPI (Serial Peripheral Interface) flash, through the use of a SPI Programing device and an external Thunderbolt device, typically as the target device is booting up. If successful, this allows the adversary to modify memory, subvert authentication mechanisms, spoof identities and content, and extract data and memory from the target device. Currently 7 major vulnerabilities exist within Thunderbolt protocol with 9 attack vectors as noted in the Execution Flow.