CVE-2022-30625 (GCVE-0-2022-30625)
Vulnerability from cvelistv5 – Published: 2022-07-18 12:58 – Updated: 2024-09-17 03:47
VLAI
Title
Chcnav - P5E GNSS Directory listing
Summary
Directory listing is a web server function that displays the directory contents when there is no index file in a specific website directory. A directory listing provides an attacker with the complete index of all the resources located inside of the directory. The specific risks and consequences vary depending on which files are listed and accessible.
Severity
5.7 (Medium)
CWE
- CWE-548 - Information Exposure Through Directory Listing
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://www.gov.il/en/Departments/faq/cve_advisories | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Chcnav | Chcnav - P5E GNSS |
Affected:
4.2 , < 4.1*
(custom)
|
Date Public
2022-07-13 00:00
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T06:56:13.184Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.gov.il/en/Departments/faq/cve_advisories"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Chcnav - P5E GNSS",
"vendor": "Chcnav",
"versions": [
{
"lessThan": "4.1*",
"status": "affected",
"version": "4.2",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "MetaData"
}
],
"datePublic": "2022-07-13T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Directory listing is a web server function that displays the directory contents when there is no index file in a specific website directory. A directory listing provides an attacker with the complete index of all the resources located inside of the directory. The specific risks and consequences vary depending on which files are listed and accessible."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 5.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-548",
"description": "CWE-548 Information Exposure Through Directory Listing",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-07-18T12:58:39.000Z",
"orgId": "a57ee1ae-c9c1-4f40-aa7b-cf10760fde3f",
"shortName": "INCD"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.gov.il/en/Departments/faq/cve_advisories"
}
],
"source": {
"defect": [
"ILVN-2022-0035"
],
"discovery": "EXTERNAL"
},
"title": "Chcnav - P5E GNSS Directory listing",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cna@cyber.gov.il",
"DATE_PUBLIC": "2022-07-13T11:59:00.000Z",
"ID": "CVE-2022-30625",
"STATE": "PUBLIC",
"TITLE": "Chcnav - P5E GNSS Directory listing"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Chcnav - P5E GNSS",
"version": {
"version_data": [
{
"version_affected": "\u003e=",
"version_name": "4.1",
"version_value": "4.2"
}
]
}
}
]
},
"vendor_name": "Chcnav"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "MetaData"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Directory listing is a web server function that displays the directory contents when there is no index file in a specific website directory. A directory listing provides an attacker with the complete index of all the resources located inside of the directory. The specific risks and consequences vary depending on which files are listed and accessible."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 5.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-548 Information Exposure Through Directory Listing"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.gov.il/en/Departments/faq/cve_advisories",
"refsource": "MISC",
"url": "https://www.gov.il/en/Departments/faq/cve_advisories"
}
]
},
"source": {
"defect": [
"ILVN-2022-0035"
],
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "a57ee1ae-c9c1-4f40-aa7b-cf10760fde3f",
"assignerShortName": "INCD",
"cveId": "CVE-2022-30625",
"datePublished": "2022-07-18T12:58:39.399Z",
"dateReserved": "2022-05-12T00:00:00.000Z",
"dateUpdated": "2024-09-17T03:47:36.623Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2022-30625",
"date": "2026-05-27",
"epss": "0.00135",
"percentile": "0.32878"
},
"fkie_nvd": {
"configurations": "[{\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:chcnav:p5e_gnss_firmware:4.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"64FE8B40-946C-4D67-A3BF-BEDB5E3C3502\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:chcnav:p5e_gnss_firmware:4.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"B26293DB-77D5-4417-B72C-6EEDFE6151D5\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:chcnav:p5e_gnss:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"56783F0F-85AA-4B6F-BC24-3F7659A86567\"}]}]}]",
"descriptions": "[{\"lang\": \"en\", \"value\": \"Directory listing is a web server function that displays the directory contents when there is no index file in a specific website directory. A directory listing provides an attacker with the complete index of all the resources located inside of the directory. The specific risks and consequences vary depending on which files are listed and accessible.\"}, {\"lang\": \"es\", \"value\": \"Directory listing es una funci\\u00f3n del servidor web que muestra el contenido del directorio cuando no se presenta ning\\u00fan archivo de \\u00edndice en un directorio espec\\u00edfico del sitio web. Un listado de directorios proporciona a un atacante el \\u00edndice completo de todos los recursos ubicados dentro del directorio. Los riesgos y las consecuencias espec\\u00edficas var\\u00edan en funci\\u00f3n de los archivos listados y accesibles\"}]",
"id": "CVE-2022-30625",
"lastModified": "2024-11-21T07:03:03.170",
"metrics": "{\"cvssMetricV31\": [{\"source\": \"cna@cyber.gov.il\", \"type\": \"Secondary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L\", \"baseScore\": 5.7, \"baseSeverity\": \"MEDIUM\", \"attackVector\": \"LOCAL\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"LOW\", \"userInteraction\": \"REQUIRED\", \"scope\": \"CHANGED\", \"confidentialityImpact\": \"LOW\", \"integrityImpact\": \"LOW\", \"availabilityImpact\": \"LOW\"}, \"exploitabilityScore\": 1.5, \"impactScore\": 3.7}, {\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N\", \"baseScore\": 5.3, \"baseSeverity\": \"MEDIUM\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"LOW\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"NONE\"}, \"exploitabilityScore\": 3.9, \"impactScore\": 1.4}]}",
"published": "2022-07-18T13:15:10.193",
"references": "[{\"url\": \"https://www.gov.il/en/Departments/faq/cve_advisories\", \"source\": \"cna@cyber.gov.il\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://www.gov.il/en/Departments/faq/cve_advisories\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}]",
"sourceIdentifier": "cna@cyber.gov.il",
"vulnStatus": "Modified",
"weaknesses": "[{\"source\": \"cna@cyber.gov.il\", \"type\": \"Secondary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-548\"}]}, {\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-200\"}]}]"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2022-30625\",\"sourceIdentifier\":\"cna@cyber.gov.il\",\"published\":\"2022-07-18T13:15:10.193\",\"lastModified\":\"2024-11-21T07:03:03.170\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Directory listing is a web server function that displays the directory contents when there is no index file in a specific website directory. A directory listing provides an attacker with the complete index of all the resources located inside of the directory. The specific risks and consequences vary depending on which files are listed and accessible.\"},{\"lang\":\"es\",\"value\":\"Directory listing es una funci\u00f3n del servidor web que muestra el contenido del directorio cuando no se presenta ning\u00fan archivo de \u00edndice en un directorio espec\u00edfico del sitio web. Un listado de directorios proporciona a un atacante el \u00edndice completo de todos los recursos ubicados dentro del directorio. Los riesgos y las consecuencias espec\u00edficas var\u00edan en funci\u00f3n de los archivos listados y accesibles\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"cna@cyber.gov.il\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L\",\"baseScore\":5.7,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"REQUIRED\",\"scope\":\"CHANGED\",\"confidentialityImpact\":\"LOW\",\"integrityImpact\":\"LOW\",\"availabilityImpact\":\"LOW\"},\"exploitabilityScore\":1.5,\"impactScore\":3.7},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N\",\"baseScore\":5.3,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"LOW\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":3.9,\"impactScore\":1.4}]},\"weaknesses\":[{\"source\":\"cna@cyber.gov.il\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-548\"}]},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-200\"}]}],\"configurations\":[{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:chcnav:p5e_gnss_firmware:4.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"64FE8B40-946C-4D67-A3BF-BEDB5E3C3502\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:chcnav:p5e_gnss_firmware:4.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B26293DB-77D5-4417-B72C-6EEDFE6151D5\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:chcnav:p5e_gnss:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"56783F0F-85AA-4B6F-BC24-3F7659A86567\"}]}]}],\"references\":[{\"url\":\"https://www.gov.il/en/Departments/faq/cve_advisories\",\"source\":\"cna@cyber.gov.il\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.gov.il/en/Departments/faq/cve_advisories\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]}]}}"
}
}
Loading…
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…