← volver
CVE-2022-3485

Weak Password Recovery in ifm moneo appliance

CVSS 9.8 CRITICALEPSS 0.9%CWE-640
In IFM Moneo Appliance with version up to 1.9.3 an unauthenticated remote attacker can reset the administrator password by only supplying the serial number and thus gain full control of the device.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Productos afectados
ifm · moneo appliance

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →
Referencias
https://cert.vde.com/en/advisories/VDE-2022-050/