CVE-2022-22521 (GCVE-0-2022-22521)

Vulnerability from cvelistv5 – Published: 2022-04-27 15:15 – Updated: 2024-09-16 17:34
VLAI?
Title
Privilege Escalation in Miele Benchmark Programming Tool
Summary
In Miele Benchmark Programming Tool with versions Prior to 1.2.71, executable files manipulated by attackers are unknowingly executed with users privileges. An attacker with low privileges may trick a user with administrative privileges to execute these binaries as admin.
Severity ?
7.3 (High)
CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
CWE
  • CWE-732 - Incorrect Permission Assignment for Critical Resource
Assigner
References
Impacted products
Vendor Product Version
Miele Benchmark Programming Tool Affected: 1.2.71
Create a notification for this product.
Date Public ?
2022-04-26 22:00
Credits
SEC Consult Vulnerability Lab identified and reported the vulnerability to Miele PSIRT.
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T03:14:55.411Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.miele.de/p/miele-benchmark-programming-tool-2296.htm"
          },
          {
            "name": "20220427 SEC Consult SA-20220427-0 :: Privilege Escalation in Miele Benchmark Programming Tool",
            "tags": [
              "mailing-list",
              "x_refsource_FULLDISC",
              "x_transferred"
            ],
            "url": "http://seclists.org/fulldisclosure/2022/Apr/42"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://packetstormsecurity.com/files/166881/Miele-Benchmark-Programming-Tool-1.1.49-1.2.71-Privilege-Escalation.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://cert.vde.com/en/advisories/VDE-2022-015/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Benchmark Programming Tool",
          "vendor": "Miele",
          "versions": [
            {
              "status": "affected",
              "version": "1.2.71"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "user": "00000000-0000-4000-9000-000000000000",
          "value": "SEC Consult Vulnerability Lab identified and reported the vulnerability to Miele PSIRT."
        }
      ],
      "datePublic": "2022-04-26T22:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003eIn Miele Benchmark Programming Tool with versions Prior to 1.2.71, executable files manipulated by attackers are unknowingly executed with users privileges. An attacker with low privileges may trick a user with administrative privileges to execute these binaries as admin.\u003c/p\u003e"
            }
          ],
          "value": "In Miele Benchmark Programming Tool with versions Prior to 1.2.71, executable files manipulated by attackers are unknowingly executed with users privileges. An attacker with low privileges may trick a user with administrative privileges to execute these binaries as admin."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.3,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-732",
              "description": "CWE-732 Incorrect Permission Assignment for Critical Resource",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-08-09T10:48:28.494Z",
        "orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
        "shortName": "CERTVDE"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.miele.de/p/miele-benchmark-programming-tool-2296.htm"
        },
        {
          "name": "20220427 SEC Consult SA-20220427-0 :: Privilege Escalation in Miele Benchmark Programming Tool",
          "tags": [
            "mailing-list",
            "x_refsource_FULLDISC"
          ],
          "url": "http://seclists.org/fulldisclosure/2022/Apr/42"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://packetstormsecurity.com/files/166881/Miele-Benchmark-Programming-Tool-1.1.49-1.2.71-Privilege-Escalation.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://cert.vde.com/en/advisories/VDE-2022-015/"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003eA new version (1.2.72) of the Benchmark Programming Tool, which closes the named vulnerability, is available for download on the Miele website: https://www.miele.de/p/miele-benchmark-programming-tool-2296.htm\u003c/p\u003e"
            }
          ],
          "value": "A new version (1.2.72) of the Benchmark Programming Tool, which closes the named vulnerability, is available for download on the Miele website: https://www.miele.de/p/miele-benchmark-programming-tool-2296.htm"
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "title": "Privilege Escalation in Miele Benchmark Programming Tool",
      "workarounds": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003eAs a further risk-minimizing measure, the write permissions of the installation folder C:\\\\Miele_Service\\\\ Miele Benchmark Programming Tool can be adjusted so that an exchange of files is only possible with administrative permissions. This is also possible without reinstalling or updating the tool. The procedure for adjusting the permissions depends on the Microsoft Windows operating system environment used and in most cases requires administrative rights.\u003c/p\u003e"
            }
          ],
          "value": "As a further risk-minimizing measure, the write permissions of the installation folder C:\\\\Miele_Service\\\\ Miele Benchmark Programming Tool can be adjusted so that an exchange of files is only possible with administrative permissions. This is also possible without reinstalling or updating the tool. The procedure for adjusting the permissions depends on the Microsoft Windows operating system environment used and in most cases requires administrative rights."
        }
      ],
      "x_generator": {
        "engine": "Vulnogram 0.0.9"
      },
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "info@cert.vde.com",
          "DATE_PUBLIC": "2022-04-27T00:00:00.000Z",
          "ID": "CVE-2022-22521",
          "STATE": "PUBLIC",
          "TITLE": "Privilege Escalation in Miele Benchmark Programming Tool"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Benchmark Programming Tool",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c=",
                            "version_name": "1.2.71",
                            "version_value": "1.2.71"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Miele"
              }
            ]
          }
        },
        "credit": [
          {
            "lang": "eng",
            "value": "SEC Consult Vulnerability Lab identified and reported the vulnerability to Miele PSIRT."
          }
        ],
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "In Miele Benchmark Programming Tool with versions Prior to 1.2.71, executable files manipulated by attackers are unknowingly executed with users privileges. An attacker with low privileges may trick a user with administrative privileges to execute these binaries as admin."
            }
          ]
        },
        "generator": {
          "engine": "Vulnogram 0.0.9"
        },
        "impact": {
          "cvss": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.3,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-269 Improper Privilege Management"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.miele.de/p/miele-benchmark-programming-tool-2296.htm",
              "refsource": "MISC",
              "url": "https://www.miele.de/p/miele-benchmark-programming-tool-2296.htm"
            },
            {
              "name": "20220427 SEC Consult SA-20220427-0 :: Privilege Escalation in Miele Benchmark Programming Tool",
              "refsource": "FULLDISC",
              "url": "http://seclists.org/fulldisclosure/2022/Apr/42"
            },
            {
              "name": "http://packetstormsecurity.com/files/166881/Miele-Benchmark-Programming-Tool-1.1.49-1.2.71-Privilege-Escalation.html",
              "refsource": "MISC",
              "url": "http://packetstormsecurity.com/files/166881/Miele-Benchmark-Programming-Tool-1.1.49-1.2.71-Privilege-Escalation.html"
            },
            {
              "name": "https://cert.vde.com/en/advisories/VDE-2022-015/",
              "refsource": "CONFIRM",
              "url": "https://cert.vde.com/en/advisories/VDE-2022-015/"
            }
          ]
        },
        "solution": [
          {
            "lang": "en",
            "value": "A new version (1.2.72) of the Benchmark Programming Tool, which closes the named vulnerability, is available for download on the Miele website: https://www.miele.de/p/miele-benchmark-programming-tool-2296.htm"
          }
        ],
        "source": {
          "discovery": "EXTERNAL"
        },
        "work_around": [
          {
            "lang": "en",
            "value": "As a further risk-minimizing measure, the write permissions of the installation folder C:\\\\Miele_Service\\\\ Miele Benchmark Programming Tool can be adjusted so that an exchange of files is only possible with administrative permissions. This is also possible without reinstalling or updating the tool. The procedure for adjusting the permissions depends on the Microsoft Windows operating system environment used and in most cases requires administrative rights."
          }
        ]
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
    "assignerShortName": "CERTVDE",
    "cveId": "CVE-2022-22521",
    "datePublished": "2022-04-27T15:15:36.343Z",
    "dateReserved": "2022-01-03T00:00:00.000Z",
    "dateUpdated": "2024-09-16T17:34:05.874Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:miele:benchmark_programming_tool:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"1.2.72\", \"matchCriteriaId\": \"F8C3D5C2-04FF-42D2-BE88-B36341DBC0CD\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"In Miele Benchmark Programming Tool with versions Prior to 1.2.71, executable files manipulated by attackers are unknowingly executed with users privileges. An attacker with low privileges may trick a user with administrative privileges to execute these binaries as admin.\"}, {\"lang\": \"es\", \"value\": \"En la herramienta de programaci\\u00f3n de Miele Benchmark con versiones anteriores a la 1.2.71, los archivos ejecutables manipulados por los atacantes se ejecutan sin saberlo con privilegios de usuario. Un atacante con bajos privilegios puede enga\\u00f1ar a un usuario con privilegios administrativos para ejecutar estos binarios como admin\"}]",
      "id": "CVE-2022-22521",
      "lastModified": "2024-11-21T06:46:56.953",
      "metrics": "{\"cvssMetricV31\": [{\"source\": \"info@cert.vde.com\", \"type\": \"Secondary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H\", \"baseScore\": 7.3, \"baseSeverity\": \"HIGH\", \"attackVector\": \"LOCAL\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"LOW\", \"userInteraction\": \"REQUIRED\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 1.3, \"impactScore\": 5.9}, {\"source\": \"nvd@nist.gov\", \"type\": \"Secondary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H\", \"baseScore\": 7.3, \"baseSeverity\": \"HIGH\", \"attackVector\": \"LOCAL\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"LOW\", \"userInteraction\": \"REQUIRED\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 1.3, \"impactScore\": 5.9}], \"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:L/AC:M/Au:N/C:C/I:C/A:C\", \"baseScore\": 6.9, \"accessVector\": \"LOCAL\", \"accessComplexity\": \"MEDIUM\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"COMPLETE\", \"integrityImpact\": \"COMPLETE\", \"availabilityImpact\": \"COMPLETE\"}, \"baseSeverity\": \"MEDIUM\", \"exploitabilityScore\": 3.4, \"impactScore\": 10.0, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": true}]}",
      "published": "2022-04-27T16:15:11.737",
      "references": "[{\"url\": \"http://packetstormsecurity.com/files/166881/Miele-Benchmark-Programming-Tool-1.1.49-1.2.71-Privilege-Escalation.html\", \"source\": \"info@cert.vde.com\", \"tags\": [\"Exploit\", \"Patch\", \"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"http://seclists.org/fulldisclosure/2022/Apr/42\", \"source\": \"info@cert.vde.com\", \"tags\": [\"Exploit\", \"Mailing List\", \"Patch\", \"Third Party Advisory\"]}, {\"url\": \"https://cert.vde.com/en/advisories/VDE-2022-015/\", \"source\": \"info@cert.vde.com\", \"tags\": [\"Mitigation\", \"Third Party Advisory\"]}, {\"url\": \"https://www.miele.de/p/miele-benchmark-programming-tool-2296.htm\", \"source\": \"info@cert.vde.com\", \"tags\": [\"Patch\", \"Product\", \"Release Notes\", \"Vendor Advisory\"]}, {\"url\": \"http://packetstormsecurity.com/files/166881/Miele-Benchmark-Programming-Tool-1.1.49-1.2.71-Privilege-Escalation.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Exploit\", \"Patch\", \"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"http://seclists.org/fulldisclosure/2022/Apr/42\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Exploit\", \"Mailing List\", \"Patch\", \"Third Party Advisory\"]}, {\"url\": \"https://cert.vde.com/en/advisories/VDE-2022-015/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Mitigation\", \"Third Party Advisory\"]}, {\"url\": \"https://www.miele.de/p/miele-benchmark-programming-tool-2296.htm\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\", \"Product\", \"Release Notes\", \"Vendor Advisory\"]}]",
      "sourceIdentifier": "info@cert.vde.com",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"info@cert.vde.com\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-732\"}]}, {\"source\": \"nvd@nist.gov\", \"type\": \"Secondary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-732\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2022-22521\",\"sourceIdentifier\":\"info@cert.vde.com\",\"published\":\"2022-04-27T16:15:11.737\",\"lastModified\":\"2024-11-21T06:46:56.953\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"In Miele Benchmark Programming Tool with versions Prior to 1.2.71, executable files manipulated by attackers are unknowingly executed with users privileges. An attacker with low privileges may trick a user with administrative privileges to execute these binaries as admin.\"},{\"lang\":\"es\",\"value\":\"En la herramienta de programaci\u00f3n de Miele Benchmark con versiones anteriores a la 1.2.71, los archivos ejecutables manipulados por los atacantes se ejecutan sin saberlo con privilegios de usuario. Un atacante con bajos privilegios puede enga\u00f1ar a un usuario con privilegios administrativos para ejecutar estos binarios como admin\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"info@cert.vde.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H\",\"baseScore\":7.3,\"baseSeverity\":\"HIGH\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"REQUIRED\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":1.3,\"impactScore\":5.9},{\"source\":\"nvd@nist.gov\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H\",\"baseScore\":7.3,\"baseSeverity\":\"HIGH\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"REQUIRED\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":1.3,\"impactScore\":5.9}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:L/AC:M/Au:N/C:C/I:C/A:C\",\"baseScore\":6.9,\"accessVector\":\"LOCAL\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"COMPLETE\",\"integrityImpact\":\"COMPLETE\",\"availabilityImpact\":\"COMPLETE\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":3.4,\"impactScore\":10.0,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":true}]},\"weaknesses\":[{\"source\":\"info@cert.vde.com\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-732\"}]},{\"source\":\"nvd@nist.gov\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-732\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:miele:benchmark_programming_tool:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"1.2.72\",\"matchCriteriaId\":\"F8C3D5C2-04FF-42D2-BE88-B36341DBC0CD\"}]}]}],\"references\":[{\"url\":\"http://packetstormsecurity.com/files/166881/Miele-Benchmark-Programming-Tool-1.1.49-1.2.71-Privilege-Escalation.html\",\"source\":\"info@cert.vde.com\",\"tags\":[\"Exploit\",\"Patch\",\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://seclists.org/fulldisclosure/2022/Apr/42\",\"source\":\"info@cert.vde.com\",\"tags\":[\"Exploit\",\"Mailing List\",\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://cert.vde.com/en/advisories/VDE-2022-015/\",\"source\":\"info@cert.vde.com\",\"tags\":[\"Mitigation\",\"Third Party Advisory\"]},{\"url\":\"https://www.miele.de/p/miele-benchmark-programming-tool-2296.htm\",\"source\":\"info@cert.vde.com\",\"tags\":[\"Patch\",\"Product\",\"Release Notes\",\"Vendor Advisory\"]},{\"url\":\"http://packetstormsecurity.com/files/166881/Miele-Benchmark-Programming-Tool-1.1.49-1.2.71-Privilege-Escalation.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\",\"Patch\",\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://seclists.org/fulldisclosure/2022/Apr/42\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\",\"Mailing List\",\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://cert.vde.com/en/advisories/VDE-2022-015/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mitigation\",\"Third Party Advisory\"]},{\"url\":\"https://www.miele.de/p/miele-benchmark-programming-tool-2296.htm\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Product\",\"Release Notes\",\"Vendor Advisory\"]}]}}"
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.