← back
CVE-2022-3485

Weak Password Recovery in ifm moneo appliance

CVSS 9.8 CRITICALEPSS 0.9%CWE-640
In IFM Moneo Appliance with version up to 1.9.3 an unauthenticated remote attacker can reset the administrator password by only supplying the serial number and thus gain full control of the device.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Affected products
ifm · moneo appliance

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://cert.vde.com/en/advisories/VDE-2022-050/