VAR-202209-2127
Vulnerability from variot - Updated: 2023-12-18 13:36AP Manager in Innovaphone before 13r2 Service Release 17 allows command injection via a modified service ID during app upload. innovaphone AG of innovaphone Firmware contains a command injection vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. innovaphone AG is an expert in the IP telephony field of German innovaphone AG company that provides personalized and complex business communication solutions. Attackers exploit this vulnerability to modify service IDs and inject commands
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202209-2127",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "innovaphone",
"scope": "lt",
"trust": 1.0,
"vendor": "innovaphone",
"version": "13r2"
},
{
"model": "innovaphone",
"scope": "eq",
"trust": 1.0,
"vendor": "innovaphone",
"version": "13r2"
},
{
"model": "innovaphone",
"scope": "eq",
"trust": 0.8,
"vendor": "innovaphone",
"version": "innovaphone firmware 13r2"
},
{
"model": "innovaphone",
"scope": "eq",
"trust": 0.8,
"vendor": "innovaphone",
"version": null
},
{
"model": "innovaphone",
"scope": null,
"trust": 0.8,
"vendor": "innovaphone",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-018049"
},
{
"db": "NVD",
"id": "CVE-2022-41870"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:innovaphone:innovaphone_firmware:13r2:-:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:innovaphone:innovaphone_firmware:13r2:service_release_12:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:innovaphone:innovaphone_firmware:13r2:service_release_13:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:innovaphone:innovaphone_firmware:13r2:service_release_14:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:innovaphone:innovaphone_firmware:13r2:service_release_15:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:innovaphone:innovaphone_firmware:13r2:service_release_16:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:innovaphone:innovaphone_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "13r2",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2022-41870"
}
]
},
"cve": "CVE-2022-41870",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.2,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 7.2,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2022-41870",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "High",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2022-41870",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-202209-3165",
"trust": 0.6,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-018049"
},
{
"db": "NVD",
"id": "CVE-2022-41870"
},
{
"db": "CNNVD",
"id": "CNNVD-202209-3165"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "AP Manager in Innovaphone before 13r2 Service Release 17 allows command injection via a modified service ID during app upload. innovaphone AG of innovaphone Firmware contains a command injection vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. innovaphone AG is an expert in the IP telephony field of German innovaphone AG company that provides personalized and complex business communication solutions. Attackers exploit this vulnerability to modify service IDs and inject commands",
"sources": [
{
"db": "NVD",
"id": "CVE-2022-41870"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-018049"
},
{
"db": "VULHUB",
"id": "VHN-429146"
},
{
"db": "VULMON",
"id": "CVE-2022-41870"
}
],
"trust": 1.8
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2022-41870",
"trust": 3.4
},
{
"db": "JVNDB",
"id": "JVNDB-2022-018049",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-202209-3165",
"trust": 0.7
},
{
"db": "VULHUB",
"id": "VHN-429146",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2022-41870",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-429146"
},
{
"db": "VULMON",
"id": "CVE-2022-41870"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-018049"
},
{
"db": "NVD",
"id": "CVE-2022-41870"
},
{
"db": "CNNVD",
"id": "CNNVD-202209-3165"
}
]
},
"id": "VAR-202209-2127",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-429146"
}
],
"trust": 0.01
},
"last_update_date": "2023-12-18T13:36:42.774000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "innovaphone AG Fixes for command injection vulnerabilities",
"trust": 0.6,
"url": "http://123.124.177.30/web/xxk/bdxqbyid.tag?id=210288"
}
],
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202209-3165"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-77",
"trust": 1.1
},
{
"problemtype": "Command injection (CWE-77) [NVD evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-429146"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-018049"
},
{
"db": "NVD",
"id": "CVE-2022-41870"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.6,
"url": "http://wiki.innovaphone.com/index.php?title=reference13r2:release_notes_security"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-41870"
},
{
"trust": 0.6,
"url": "https://cxsecurity.com/cveshow/cve-2022-41870/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-429146"
},
{
"db": "VULMON",
"id": "CVE-2022-41870"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-018049"
},
{
"db": "NVD",
"id": "CVE-2022-41870"
},
{
"db": "CNNVD",
"id": "CNNVD-202209-3165"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-429146"
},
{
"db": "VULMON",
"id": "CVE-2022-41870"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-018049"
},
{
"db": "NVD",
"id": "CVE-2022-41870"
},
{
"db": "CNNVD",
"id": "CNNVD-202209-3165"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-09-30T00:00:00",
"db": "VULHUB",
"id": "VHN-429146"
},
{
"date": "2022-09-30T00:00:00",
"db": "VULMON",
"id": "CVE-2022-41870"
},
{
"date": "2023-10-18T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2022-018049"
},
{
"date": "2022-09-30T18:15:11.973000",
"db": "NVD",
"id": "CVE-2022-41870"
},
{
"date": "2022-09-30T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202209-3165"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-10-11T00:00:00",
"db": "VULHUB",
"id": "VHN-429146"
},
{
"date": "2022-09-30T00:00:00",
"db": "VULMON",
"id": "CVE-2022-41870"
},
{
"date": "2023-10-18T08:09:00",
"db": "JVNDB",
"id": "JVNDB-2022-018049"
},
{
"date": "2022-10-11T18:40:58.927000",
"db": "NVD",
"id": "CVE-2022-41870"
},
{
"date": "2022-10-12T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202209-3165"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202209-3165"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "innovaphone\u00a0AG\u00a0 of \u00a0innovaphone\u00a0 Command injection vulnerability in firmware",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-018049"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "command injection",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202209-3165"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…