CVE-2022-31484

Published: Jun 6, 2022

Modified: Sep 17, 2024

PUBLISHED

CVSS v3.1

7.5

HIGH

Description

An unauthenticated attacker can send a specially crafted network packet to delete a user from the web interface. This vulnerability impacts products based on HID Mercury Intelligent Controllers LP1501, LP1502, LP2500, LP4502, and EP4502 which contain firmware versions prior to 1.29. The impact of this vulnerability is that an unauthenticated attacker could restrict access to the web interface to legitimate users and potentially requiring them to use the default user dip switch procedure to gain access back.

Vendor	Product	Versions
LenelS2	LNL-X2210	affected `ALL - < 1.29`
LenelS2	LNL-X2220	affected `ALL - < 1.29`
LenelS2	LNL-X3300	affected `ALL - < 1.29`
LenelS2	LNL-X4420	affected `ALL - < 1.29`
LenelS2	LNL-4420	affected `ALL - < 1.29`
LenelS2	S2-LP-1501	affected `ALL - < 1.29`
LenelS2	S2-LP-1502	affected `ALL - < 1.29`
LenelS2	S2-LP-2500	affected `ALL - < 1.29`
LenelS2	S2-LP-4502	affected `ALL - < 1.29`
HID Mercury	LP1501	affected `ALL - < 1.29`
HID Mercury	LP1502	affected `ALL - < 1.29`
HID Mercury	LP2500	affected `ALL - < 1.29`
HID Mercury	LP4502	affected `ALL - < 1.29`
HID Mercury	EP4502	affected `ALL - < 1.29`

Weaknesses (CWE)

CWE-425

CVSS v3.1 Details

CVSS v3.1 Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

None

Availability

High

References

https://www.corporate.carrier.com/product-security/advisories-resources/

x_refsource_MISC

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2022-31484

Description

Affected Products

Weaknesses (CWE)

CVSS v3.1 Details

References