CVE-2022-43400
In short
A flaw in Siveillance Video Mobile Server allows attackers to log in without valid credentials by exploiting how the system handles Active Directory administrator accounts. This could let anyone access the application remotely without authorization.
Technical detail
The vulnerability exists in the authentication mechanism for Active Directory accounts assigned to the Administrators group; an unauthenticated remote attacker can bypass login requirements through improper handling of these privileged accounts. The attack requires network access to the mobile server but no prior credentials, resulting in complete unauthorized access to the application.
Summary generated and translated by AI from the official description.
A vulnerability has been identified in Siveillance Video Mobile Server V2022 R2 (All versions < V22.2a (80)). The mobile server component of affected applications improperly handles the log in for Active Directory accounts that are part of Administrators group. This could allow an unauthenticated remote attacker to access the application without a valid account.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Affected products
Siemens · Siveillance Video Mobile Server V2022 R2