publicdata/nist-gov
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
nist-gov/nvd.nist.gov/vuln/cvmap/report/10366
Scott Williams c317e9b115 Update NVD
2025-03-07 17:19:30 +00:00

1235 lines
47 KiB
Text
Raw Blame History

<!DOCTYPE html>
<html lang="en">
<head>
<title>NVD CNA Status</title>
<meta http-equiv="content-type" content="text/html; charset=UTF-8" />
<meta http-equiv="content-style-type" content="text/css" />
<meta http-equiv="content-script-type" content="text/javascript" />
<meta name="viewport" content="width=device-width, initial-scale=1.0" />
<link href="/site-scripts/font-awesome/css/font-awesome.min.css"
type="text/css" rel="stylesheet" />
<link href="/site-media/bootstrap/css/bootstrap.min.css"
type="text/css" rel="stylesheet" />
<link href="/site-media/bootstrap/css/bootstrap-theme.min.css"
type="text/css" rel="stylesheet" />
<link
href="/site-scripts/eonasdan-bootstrap-datetimepicker/build/css/bootstrap-datetimepicker.min.css"
type="text/css" rel="stylesheet" />
<link href="/site-media/css/nist-fonts.css" type="text/css"
rel="stylesheet" />
<link href="/site-media/css/base-style.css" type="text/css"
rel="stylesheet" />
<link href="/site-media/css/media-resize.css" type="text/css"
rel="stylesheet" />
<meta name="theme-color" content="#000000">
<script src="/site-scripts/jquery/dist/jquery.min.js"
type="text/javascript"></script>
<script src="/site-scripts/jquery-visible/jquery.visible.min.js"
type="text/javascript"></script>
<script src="/site-scripts/underscore/underscore-min.js"
type="text/javascript"></script>
<script src="/site-media/bootstrap/js/bootstrap.js"
type="text/javascript"></script>
<script src="/site-scripts/moment/min/moment.min.js"
type="text/javascript"></script>
<script
src="/site-scripts/eonasdan-bootstrap-datetimepicker/build/js/bootstrap-datetimepicker.min.js"
type="text/javascript"></script>
<script src="/site-media/js/megamenu.js" type="text/javascript"></script>
<script src="/site-media/js/nist-exit-script.js"
type="text/javascript"></script>
<script src="/site-media/js/forms.js" type="text/javascript"></script>
<script
src="/site-media/js/federated-analytics.all.min.js?agency=NIST&amp;subagency=nvd&amp;pua=UA-37115410-41&amp;yt=true"
type="text/javascript" id="_fed_an_js_tag"></script>
<!-- Google tag (gtag.js) -->
<script async src="https://www.googletagmanager.com/gtag/js?id=G-4KKFZP12LQ"></script>
<script> window.dataLayer = window.dataLayer || []; function gtag(){dataLayer.push(arguments);} gtag('js', new Date()); gtag('config', 'G-4KKFZP12LQ'); </script>
<style id="antiClickjack">
body>* {
display: none !important;
}
#antiClickjack {
display: block !important;
}
</style>
<noscript>
<style id="antiClickjackNoScript">
body>* {
display: block !important;
}
#antiClickjack {
display: none !important;
}
</style>
</noscript>
<script type="text/javascript" id="antiClickjackScript">
if (self === top) {
// no clickjacking
var antiClickjack = document.getElementById("antiClickjack");
antiClickjack.parentNode.removeChild(antiClickjack);
} else {
setTimeout(tryForward(), 5000);
}
function tryForward() {
top.location = self.location;
}
</script>
<meta charset="UTF-8">
<link href="/site-media/css/nvd-style.css" type="text/css"
rel="stylesheet" />
<link href="/site-media/images/favicons/apple-touch-icon.png"
rel="apple-touch-icon" type="image/png" sizes="180x180" />
<link href="/site-media/images/favicons/favicon-32x32.png"
rel="icon" type="image/png" sizes="32x32" />
<link href="/site-media/images/favicons/favicon-16x16.png"
rel="icon" type="image/png" sizes="16x16" />
<link href="/site-media/images/favicons/manifest.json"
rel="manifest" />
<link href="/site-media/images/favicons/safari-pinned-tab.svg"
rel="mask-icon" color="#000000" />
<link href="/site-media/images/favicons/favicon.ico"
rel="shortcut icon" />
<meta name="msapplication-config" content="/site-media/images/favicons/browserconfig.xml" />
<link href="/site-media/images/favicons/favicon.ico"
rel="shortcut icon" type="image/x-icon" />
<link href="/site-media/images/favicons/favicon.ico" rel="icon"
type="image/x-icon" />
<meta charset="UTF-8">
</head>
<body>
<header role="banner" title="Site Banner">
<div id="antiClickjack" style="display: none">
<h1>You are viewing this page in an unauthorized frame window.</h1>
<p>
This is a potential security issue, you are being redirected to
<a href="https://nvd.nist.gov">https://nvd.nist.gov</a>
</p>
</div>
<div>
<section class="usa-banner" aria-label="Official government website">
<div class="usa-accordion container">
<header class="usa-banner__header">
<noscript>
<p style="font-size: 0.85rem; font-weight: bold;">You have JavaScript disabled. This site requires JavaScript to be enabled for complete site functionality.</p>
</noscript>
<img class="usa-banner__header-flag"
src="/site-media/images/usbanner/us_flag_small.png" alt="U.S. flag">
&nbsp;
<span class="usa-banner__header-text">An official website of the United States government</span>
<button id="gov-banner-button" class="usa-accordion__button usa-banner__button" data-toggle="collapse" data-target="#gov-banner" aria-expanded="false" aria-controls="gov-banner">
<span class="usa-banner__button-text">Here's how you know</span>
</button>
</header>
<div class="usa-banner__content usa-accordion__content collapse" role="tabpanel" id="gov-banner" aria-expanded="true">
<div class="row">
<div class="col-md-5 col-sm-12">
<div class="row">
<div class="col-sm-2 col-xs-3">
<img class="usa-banner__icon usa-media-block__img"
src="/site-media/images/usbanner/icon-dot-gov.svg" alt="Dot gov">
</div>
<div class="col-sm-10 col-xs-9">
<p>
<strong>Official websites use .gov</strong>
<br>
A <strong>.gov</strong> website belongs to an official government organization in the United States.
</p>
</div>
</div>
</div>
<div class="col-md-5 col-sm-12">
<div class="row">
<div class="col-sm-2 col-xs-3">
<img class="usa-banner__icon usa-media-block__img"
src="/site-media/images/usbanner/icon-https.svg" alt="Https">
</div>
<div class="col-sm-10 col-xs-9">
<p>
<strong>Secure .gov websites use HTTPS</strong>
<br>
A <strong>lock</strong> (<img class="usa-banner__lock"
src="/site-media/images/usbanner/lock.svg" alt="Dot gov">) or <strong>https://</strong> means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.
</p>
</div>
</div>
</div>
</div>
</div>
</div>
</section>
</div>
<div>
<div>
<nav id="navbar" class="navbar">
<div id="nist-menu-container" class="container">
<div class="row">
<!-- Brand -->
<div class="col-xs-6 col-md-4 navbar-header"
style="height:104px">
<a class="navbar-brand"
href="https://www.nist.gov"
target="_blank" rel="noopener noreferrer"
id="navbar-brand-image"
style="padding-top: 36px">
<img alt="National Institute of Standards and Technology"
src="/site-media/images/nist/nist-logo.svg"
width="110" height="30">
</a>
</div>
<div class="col-xs-6 col-md-8 navbar-nist-logo">
<span id="nvd-menu-button" class="pull-right" style="margin-top: 26px"> <a href="#">
<span class="fa fa-bars"></span> <span id="nvd-menu-full-text"><span
class="hidden-xxs">NVD </span>MENU</span>
</a>
</span>
</div>
</div>
</div>
<div class="main-menu-row container">
<!-- Collect the nav links, forms, and other content for toggling -->
<div id="main-menu-drop" class="col-lg-12" style="display: none;">
<ul>
<li><a href="/general"> General <span
class="expander fa fa-plus" id="nvd-header-menu-general"
data-expander-name="general" data-expanded="false"> <span
class="element-invisible">Expand or Collapse</span>
</span>
</a>
<div style="display: none;" class="sub-menu"
data-expander-trigger="general">
<div class="row">
<div class="col-lg-4">
<p>
<a href="/general/nvd-dashboard">NVD Dashboard</a>
</p>
<p>
<a href="https://www.nist.gov/itl/nvd">News and Status Updates</a>
</p>
</div>
<div class="col-lg-4">
<p>
<a href="/general/faq">FAQ</a>
</p>
</div>
<div class="col-lg-4">
<p>
<a href="/general/visualizations">Visualizations</a>
</p>
<p>
<a href="/general/legal-disclaimer">Legal Disclaimer</a>
</p>
</div>
</div>
</div></li>
<li><a href="/vuln"> Vulnerabilities <span
class="expander fa fa-plus"
id="nvd-header-menu-vulnerabilities"
data-expander-name="vulnerabilities" data-expanded="false">
<span class="element-invisible">Expand or Collapse</span>
</span>
</a>
<div style="display: none;" class="sub-menu"
data-expander-trigger="vulnerabilities">
<div class="row">
<div class="col-lg-4">
<p>
<a href="/vuln/search">Search &amp; Statistics</a>
</p>
<p>
<a href="/vuln/categories">Weakness Types</a>
</p>
</div>
<div class="col-lg-4">
<p>
<a href="/vuln/data-feeds">Legacy Data Feeds</a>
</p>
<p>
<a href="/vuln/vendor-comments">Vendor Comments</a>
</p>
</div>
<div class="col-lg-4">
<p>
<a href="/vuln/cvmap">CVMAP</a>
</p>
</div>
</div>
</div></li>
<li><a href="/vuln-metrics/cvss#"> Vulnerability Metrics <span
class="expander fa fa-plus" id="nvd-header-menu-metrics"
data-expander-name="metrics" data-expanded="false"> <span
class="element-invisible">Expand or Collapse</span>
</span>
</a>
<div style="display: none;" class="sub-menu"
data-expander-trigger="metrics">
<div class="row">
<div class="col-lg-4">
<p>
<a href="/vuln-metrics/cvss/v4-calculator">CVSS v4.0
Calculators</a>
</p>
</div>
<div class="col-lg-4">
<p>
<a href="/vuln-metrics/cvss/v3-calculator">CVSS v3.x
Calculators</a>
</p>
</div>
<div class="col-lg-4">
<p>
<a href="/vuln-metrics/cvss/v2-calculator">CVSS v2.0
Calculator</a>
</p>
</div>
</div>
</div></li>
<li><a href="/products"> Products <span
class="expander fa fa-plus" id="nvd-header-menu-products"
data-expander-name="products" data-expanded="false"> <span
class="element-invisible">Expand or Collapse</span>
</span>
</a>
<div style="display: none;" class="sub-menu"
data-expander-trigger="products">
<div class="row">
<div class="col-lg-4">
<p>
<a href="/products/cpe">CPE Dictionary</a>
</p>
<p>
<a href="/products/cpe/search">CPE Search</a>
</p>
</div>
<div class="col-lg-4">
<p>
<a href="/products/cpe/statistics">CPE Statistics</a>
</p>
<p>
<a href="/products/swid">SWID</a>
</p>
</div>
<div class="col-lg-4"></div>
</div>
</div></li>
<li>
<a href="/developers">Developers<span
class="expander fa fa-plus" id="nvd-header-menu-developers"
data-expander-name="developers" data-expanded="false"> <span
class="element-invisible">Expand or Collapse</span>
</span>
</a>
<div style="display: none;" class="sub-menu"
data-expander-trigger="developers">
<div class="row">
<div class="col-lg-4">
<p>
<a href="/developers/start-here">Start Here</a>
</p>
<p>
<a href="/developers/request-an-api-key">Request an API Key</a>
</p>
</div>
<div class="col-lg-4">
<p>
<a href="/developers/vulnerabilities">Vulnerabilities</a>
</p>
<p>
<a href="/developers/products">Products</a>
</p>
</div>
<div class="col-lg-4">
<p>
<a href="/developers/data-sources">Data Sources</a>
</p>
<p>
<a href="/developers/terms-of-use">Terms of Use</a>
</p>
</div>
</div>
</div>
</li>
<li><a href="/contact"> Contact NVD </a></li>
<li><a href="/other"> Other Sites <span
class="expander fa fa-plus" id="nvd-header-menu-othersites"
data-expander-name="otherSites" data-expanded="false"> <span
class="element-invisible">Expand or Collapse</span>
</span>
</a>
<div style="display: none;" class="sub-menu"
data-expander-trigger="otherSites">
<div class="row">
<div class="col-lg-4">
<p>
<a href="https://ncp.nist.gov">Checklist (NCP) Repository</a>
</p>
<p>
<a href="https://ncp.nist.gov/cce">Configurations (CCE)</a>
</p>
<p>
<a href="https://csrc.nist.gov/Projects/risk-management/sp800-53-controls/release-search">800-53 Controls</a>
</p>
</div>
<div class="col-lg-4">
<p>
<a
href="https://csrc.nist.gov/projects/scap-validation-program">SCAP
Validated Tools</a>
</p>
<p>
<a
href="https://csrc.nist.gov/projects/security-content-automation-protocol">SCAP</a>
</p>
</div>
<div class="col-lg-4">
<p>
<a
href="https://csrc.nist.gov/projects/united-states-government-configuration-baseline">USGCB</a>
</p>
</div>
</div>
</div></li>
<li><a href="/search"> Search <span
class="expander fa fa-plus" id="nvd-header-menu-search"
data-expander-name="search" data-expanded="false"> <span
class="element-invisible">Expand or Collapse</span>
</span>
</a>
<div style="display: none;" class="sub-menu"
data-expander-trigger="search">
<div class="row">
<div class="col-lg-4">
<p>
<a href="/vuln/search">Vulnerability Search</a>
</p>
</div>
<div class="col-lg-4">
<p>
<a href="/products/cpe/search">CPE Search</a>
</p>
</div>
</div>
</div></li>
</ul>
</div>
<!-- /#mobile-nav-container -->
</div>
</nav>
<section id="itl-header" class="has-menu">
<div class="container">
<div class="row">
<div class="col-sm-12 col-md-8">
<h2 class="hidden-xs hidden-sm">
<a href="https://www.nist.gov/itl" target="_blank" rel="noopener noreferrer">Information Technology Laboratory</a>
</h2>
<h1 class="hidden-xs hidden-sm">
<a id="nvd-header-link"
href="/">National Vulnerability Database</a>
</h1>
<h1 class="hidden-xs text-center hidden-md hidden-lg"
>National Vulnerability Database</h1>
<h1 class="hidden-sm hidden-md hidden-lg text-center"
>NVD</h1>
</div>
<div class="col-sm-12 col-md-4">
<a style="width: 100%; text-align: center; display: block;padding-top: 14px">
<img id="img-logo-nvd-lg"
alt="National Vulnerability Database"
src="/site-media/images/F_NIST-Logo-NVD-white.svg"
width="500" height="100">
</a>
</div>
</div>
</div>
</section>
</div>
</div>
</header>
<main>
<div>
<div id="body-section" class="container">
<div class="row">
<ol class="breadcrumb">
<li><a href="/vuln" class="CMSBreadCrumbsLink">Vulnerabilities</a><a href="/vuln/cvmap" class="CMSBreadCrumbsLink">CVMAP</a></li>
</ol>
</div>
<div>
<div id="wldAlertNewerReport"
class="alert alert-warning"
role="alert">
This is not the latest report. Click
<a id="wldLinkToLatestReport"
href="/vuln/cvmap/report/18809"
target="_blank" rel="noopener noreferrer">
here to view the latest report.
</a>
</div>
<h2 id="wldHeader">
<span id="wldCategory">CVSS v3.1</span>
Statistics for
<span id="wldSourceName">HYPR Corp</span>
as of
<span id="wldCreated">05/10/2023</span>
</h2>
<div class="row">
<div class="col-md-3">
<label>Total Number CVEs Submitted</label>
</div>
<div id="wldSubmitCount"
class="col-md-1">6</div>
<div class="col-md-3">
<label>Number of Metrics Compared</label>
</div>
<div id="wldCompareCount"
class="col-md-1">48</div>
<div class="col-md-3">
<label>Acceptance Level Thresholds</label>
</div>
<div class="col-md-1">
&nbsp;
</div>
</div>
<div class="row">
<div class="col-md-3">
<label>Total Number CVEs Reviewed</label>
</div>
<div id="wldReviewCount"
class="col-md-1">6</div>
<div class="col-md-3">
<label>Analyst Match Count</label>
</div>
<div id="wldMatchCount"
class="col-md-1">31</div>
<div class="col-md-3">
Reference
</div>
<div class="col-md-1">
0-69.9%
</div>
</div>
<div class="row">
<div class="col-md-2">
<label>Acceptance Level</label>
</div>
<div class="col-md-2">
<table>
<tr>
<td>
<!-- Acceptance Level Icon -->
<div style="height:33px; width:33px;">
<object id="wldIconReference"
data="/site-media/images/svg/NVD_Reference_Stack_Plain.svg"
type="image/svg+xml"
title="Acceptance Level Icon">
</object>
</div>
</td>
<td id="wldAcceptLevel">Reference</td>
</tr>
</table>
</div>
<div class="col-md-3">
<label>Match Percent</label>
</div>
<div id="wldMatchPercent"
class="col-md-1">64.6</div>
<div class="col-md-3">
Contributor
</div>
<div class="col-md-1">
70-94.9%
</div>
</div>
<div class="row">
<div class="col-md-8">
&nbsp;
</div>
<div class="col-md-3">
Provider
</div>
<div class="col-md-1">
95-100%
</div>
</div>
<div class="row">
<table id="wldTable"
class="table table-condensed">
<thead>
<tr>
<th scope="col" nowrap>
CVE
</th>
<th scope="col" nowrap>
CNA Value
</th>
<th scope="col" nowrap>
Alignment
</th>
<th scope="col" nowrap>
NIST Value
</th>
<th scope="col" nowrap>
Reason
</th>
</tr>
</thead>
<tbody>
<tr id="wldRow1">
<td rowspan="8"
id="colCveId-0">
<a href="/vuln/detail/CVE-2022-1984"
id="cveDetailAnchor-0">CVE-2022-1984</a>
&nbsp;
<span>(4 of 8)</span>
</td>
<td id="colCnaVal-0">Attack Vector (AV) Local</td>
<td id="colAlign-0">
</td>
<td id="colNistVal-0">Attack Vector (AV) Local</td>
<td id="colReason-0"></td>
</tr>
<tr id="wldRow2">
<td id="colCnaVal-1" class="alert alert-warning">Attack Complexity (AC) High</td>
<td id="colAlign-1" class="alert alert-warning">
<span>&ne;</span>
</td>
<td id="colNistVal-1" class="alert alert-warning">Attack Complexity (AC) Low</td>
<td id="colReason-1">No Race Condition, implementation specific secrets required or MiTM identified for NVD analyst</td>
</tr>
<tr id="wldRow3">
<td id="colCnaVal-2">Privileges Required (PR) Low</td>
<td id="colAlign-2">
</td>
<td id="colNistVal-2">Privileges Required (PR) Low</td>
<td id="colReason-2"></td>
</tr>
<tr id="wldRow4">
<td id="colCnaVal-3">User Interaction (UI) None</td>
<td id="colAlign-3">
</td>
<td id="colNistVal-3">User Interaction (UI) None</td>
<td id="colReason-3"></td>
</tr>
<tr id="wldRow5">
<td id="colCnaVal-4">Scope (S) Unchanged</td>
<td id="colAlign-4">
</td>
<td id="colNistVal-4">Scope (S) Unchanged</td>
<td id="colReason-4"></td>
</tr>
<tr id="wldRow6">
<td id="colCnaVal-5" class="alert alert-warning">Confidentiality (C) Low</td>
<td id="colAlign-5" class="alert alert-warning">
<span>&ne;</span>
</td>
<td id="colNistVal-5" class="alert alert-warning">Confidentiality (C) High</td>
<td id="colReason-5">No limiting factors for confidentiality listed</td>
</tr>
<tr id="wldRow7">
<td id="colCnaVal-6" class="alert alert-warning">Integrity (I) Low</td>
<td id="colAlign-6" class="alert alert-warning">
<span>&ne;</span>
</td>
<td id="colNistVal-6" class="alert alert-warning">Integrity (I) High</td>
<td id="colReason-6">No limiting factors for integrity listed</td>
</tr>
<tr id="wldRow8">
<td id="colCnaVal-7" class="alert alert-warning">Availability (A) Low</td>
<td id="colAlign-7" class="alert alert-warning">
<span>&ne;</span>
</td>
<td id="colNistVal-7" class="alert alert-warning">Availability (A) High</td>
<td id="colReason-7">No limiting factors for availability listed</td>
</tr>
<tr id="wldRow9">
<td rowspan="8"
id="colCveId-8">
<a href="/vuln/detail/CVE-2022-2192"
id="cveDetailAnchor-8">CVE-2022-2192</a>
&nbsp;
<span>(7 of 8)</span>
</td>
<td id="colCnaVal-8">Attack Vector (AV) Network</td>
<td id="colAlign-8">
</td>
<td id="colNistVal-8">Attack Vector (AV) Network</td>
<td id="colReason-8"></td>
</tr>
<tr id="wldRow10">
<td id="colCnaVal-9" class="alert alert-warning">Attack Complexity (AC) High</td>
<td id="colAlign-9" class="alert alert-warning">
<span>&ne;</span>
</td>
<td id="colNistVal-9" class="alert alert-warning">Attack Complexity (AC) Low</td>
<td id="colReason-9">No Race Condition, implementation specific secrets required or MiTM identified for NVD analyst</td>
</tr>
<tr id="wldRow11">
<td id="colCnaVal-10">Privileges Required (PR) Low</td>
<td id="colAlign-10">
</td>
<td id="colNistVal-10">Privileges Required (PR) Low</td>
<td id="colReason-10"></td>
</tr>
<tr id="wldRow12">
<td id="colCnaVal-11">User Interaction (UI) None</td>
<td id="colAlign-11">
</td>
<td id="colNistVal-11">User Interaction (UI) None</td>
<td id="colReason-11"></td>
</tr>
<tr id="wldRow13">
<td id="colCnaVal-12">Scope (S) Unchanged</td>
<td id="colAlign-12">
</td>
<td id="colNistVal-12">Scope (S) Unchanged</td>
<td id="colReason-12"></td>
</tr>
<tr id="wldRow14">
<td id="colCnaVal-13">Confidentiality (C) High</td>
<td id="colAlign-13">
</td>
<td id="colNistVal-13">Confidentiality (C) High</td>
<td id="colReason-13"></td>
</tr>
<tr id="wldRow15">
<td id="colCnaVal-14">Integrity (I) High</td>
<td id="colAlign-14">
</td>
<td id="colNistVal-14">Integrity (I) High</td>
<td id="colReason-14"></td>
</tr>
<tr id="wldRow16">
<td id="colCnaVal-15">Availability (A) High</td>
<td id="colAlign-15">
</td>
<td id="colNistVal-15">Availability (A) High</td>
<td id="colReason-15"></td>
</tr>
<tr id="wldRow17">
<td rowspan="8"
id="colCveId-16">
<a href="/vuln/detail/CVE-2022-2193"
id="cveDetailAnchor-16">CVE-2022-2193</a>
&nbsp;
<span>(7 of 8)</span>
</td>
<td id="colCnaVal-16">Attack Vector (AV) Network</td>
<td id="colAlign-16">
</td>
<td id="colNistVal-16">Attack Vector (AV) Network</td>
<td id="colReason-16"></td>
</tr>
<tr id="wldRow18">
<td id="colCnaVal-17" class="alert alert-warning">Attack Complexity (AC) High</td>
<td id="colAlign-17" class="alert alert-warning">
<span>&ne;</span>
</td>
<td id="colNistVal-17" class="alert alert-warning">Attack Complexity (AC) Low</td>
<td id="colReason-17">No Race Condition, implementation specific secrets required or MiTM identified for NVD analyst</td>
</tr>
<tr id="wldRow19">
<td id="colCnaVal-18">Privileges Required (PR) Low</td>
<td id="colAlign-18">
</td>
<td id="colNistVal-18">Privileges Required (PR) Low</td>
<td id="colReason-18"></td>
</tr>
<tr id="wldRow20">
<td id="colCnaVal-19">User Interaction (UI) None</td>
<td id="colAlign-19">
</td>
<td id="colNistVal-19">User Interaction (UI) None</td>
<td id="colReason-19"></td>
</tr>
<tr id="wldRow21">
<td id="colCnaVal-20">Scope (S) Unchanged</td>
<td id="colAlign-20">
</td>
<td id="colNistVal-20">Scope (S) Unchanged</td>
<td id="colReason-20"></td>
</tr>
<tr id="wldRow22">
<td id="colCnaVal-21">Confidentiality (C) High</td>
<td id="colAlign-21">
</td>
<td id="colNistVal-21">Confidentiality (C) High</td>
<td id="colReason-21"></td>
</tr>
<tr id="wldRow23">
<td id="colCnaVal-22">Integrity (I) High</td>
<td id="colAlign-22">
</td>
<td id="colNistVal-22">Integrity (I) High</td>
<td id="colReason-22"></td>
</tr>
<tr id="wldRow24">
<td id="colCnaVal-23">Availability (A) High</td>
<td id="colAlign-23">
</td>
<td id="colNistVal-23">Availability (A) High</td>
<td id="colReason-23"></td>
</tr>
<tr id="wldRow25">
<td rowspan="8"
id="colCveId-24">
<a href="/vuln/detail/CVE-2022-3258"
id="cveDetailAnchor-24">CVE-2022-3258</a>
&nbsp;
<span>(1 of 8)</span>
</td>
<td id="colCnaVal-24" class="alert alert-warning">Attack Vector (AV) Physical</td>
<td id="colAlign-24" class="alert alert-warning">
<span>&ne;</span>
</td>
<td id="colNistVal-24" class="alert alert-warning">Attack Vector (AV) Adjacent Network</td>
<td id="colReason-24">Bluetooth, 800.11 or limitation to local logical network communications identified</td>
</tr>
<tr id="wldRow26">
<td id="colCnaVal-25" class="alert alert-warning">Attack Complexity (AC) High</td>
<td id="colAlign-25" class="alert alert-warning">
<span>&ne;</span>
</td>
<td id="colNistVal-25" class="alert alert-warning">Attack Complexity (AC) Low</td>
<td id="colReason-25">No Race Condition, implementation specific secrets required or MiTM identified for NVD analyst</td>
</tr>
<tr id="wldRow27">
<td id="colCnaVal-26" class="alert alert-warning">Privileges Required (PR) Low</td>
<td id="colAlign-26" class="alert alert-warning">
<span>&ne;</span>
</td>
<td id="colNistVal-26" class="alert alert-warning">Privileges Required (PR) None</td>
<td id="colReason-26">No privileges needed by attacker identified by NVD analyst</td>
</tr>
<tr id="wldRow28">
<td id="colCnaVal-27" class="alert alert-warning">User Interaction (UI) Required</td>
<td id="colAlign-27" class="alert alert-warning">
<span>&ne;</span>
</td>
<td id="colNistVal-27" class="alert alert-warning">User Interaction (UI) None</td>
<td id="colReason-27">User Interaction not identified</td>
</tr>
<tr id="wldRow29">
<td id="colCnaVal-28">Scope (S) Unchanged</td>
<td id="colAlign-28">
</td>
<td id="colNistVal-28">Scope (S) Unchanged</td>
<td id="colReason-28"></td>
</tr>
<tr id="wldRow30">
<td id="colCnaVal-29" class="alert alert-warning">Confidentiality (C) Low</td>
<td id="colAlign-29" class="alert alert-warning">
<span>&ne;</span>
</td>
<td id="colNistVal-29" class="alert alert-warning">Confidentiality (C) High</td>
<td id="colReason-29">No limiting factors for confidentiality listed</td>
</tr>
<tr id="wldRow31">
<td id="colCnaVal-30" class="alert alert-warning">Integrity (I) Low</td>
<td id="colAlign-30" class="alert alert-warning">
<span>&ne;</span>
</td>
<td id="colNistVal-30" class="alert alert-warning">Integrity (I) High</td>
<td id="colReason-30">No limiting factors for integrity listed</td>
</tr>
<tr id="wldRow32">
<td id="colCnaVal-31" class="alert alert-warning">Availability (A) Low</td>
<td id="colAlign-31" class="alert alert-warning">
<span>&ne;</span>
</td>
<td id="colNistVal-31" class="alert alert-warning">Availability (A) High</td>
<td id="colReason-31">No limiting factors for availability listed</td>
</tr>
<tr id="wldRow33">
<td rowspan="8"
id="colCveId-32">
<a href="/vuln/detail/CVE-2023-0834"
id="cveDetailAnchor-32">CVE-2023-0834</a>
&nbsp;
<span>(5 of 8)</span>
</td>
<td id="colCnaVal-32" class="alert alert-warning">Attack Vector (AV) Local</td>
<td id="colAlign-32" class="alert alert-warning">
<span>&ne;</span>
</td>
<td id="colNistVal-32" class="alert alert-warning">Attack Vector (AV) Network</td>
<td id="colReason-32">Applied AV:N due to lack of available Information for NVD Analyst</td>
</tr>
<tr id="wldRow34">
<td id="colCnaVal-33" class="alert alert-warning">Attack Complexity (AC) High</td>
<td id="colAlign-33" class="alert alert-warning">
<span>&ne;</span>
</td>
<td id="colNistVal-33" class="alert alert-warning">Attack Complexity (AC) Low</td>
<td id="colReason-33">No Race Condition, implementation specific secrets required or MiTM identified for NVD analyst</td>
</tr>
<tr id="wldRow35">
<td id="colCnaVal-34" class="alert alert-warning">Privileges Required (PR) Low</td>
<td id="colAlign-34" class="alert alert-warning">
<span>&ne;</span>
</td>
<td id="colNistVal-34" class="alert alert-warning">Privileges Required (PR) None</td>
<td id="colReason-34">No privileges needed by attacker identified by NVD analyst</td>
</tr>
<tr id="wldRow36">
<td id="colCnaVal-35">User Interaction (UI) None</td>
<td id="colAlign-35">
</td>
<td id="colNistVal-35">User Interaction (UI) None</td>
<td id="colReason-35"></td>
</tr>
<tr id="wldRow37">
<td id="colCnaVal-36">Scope (S) Unchanged</td>
<td id="colAlign-36">
</td>
<td id="colNistVal-36">Scope (S) Unchanged</td>
<td id="colReason-36"></td>
</tr>
<tr id="wldRow38">
<td id="colCnaVal-37">Confidentiality (C) High</td>
<td id="colAlign-37">
</td>
<td id="colNistVal-37">Confidentiality (C) High</td>
<td id="colReason-37"></td>
</tr>
<tr id="wldRow39">
<td id="colCnaVal-38">Integrity (I) High</td>
<td id="colAlign-38">
</td>
<td id="colNistVal-38">Integrity (I) High</td>
<td id="colReason-38"></td>
</tr>
<tr id="wldRow40">
<td id="colCnaVal-39">Availability (A) High</td>
<td id="colAlign-39">
</td>
<td id="colNistVal-39">Availability (A) High</td>
<td id="colReason-39"></td>
</tr>
<tr id="wldRow41">
<td rowspan="8"
id="colCveId-40">
<a href="/vuln/detail/CVE-2023-1477"
id="cveDetailAnchor-40">CVE-2023-1477</a>
&nbsp;
<span>(7 of 8)</span>
</td>
<td id="colCnaVal-40">Attack Vector (AV) Network</td>
<td id="colAlign-40">
</td>
<td id="colNistVal-40">Attack Vector (AV) Network</td>
<td id="colReason-40"></td>
</tr>
<tr id="wldRow42">
<td id="colCnaVal-41">Attack Complexity (AC) Low</td>
<td id="colAlign-41">
</td>
<td id="colNistVal-41">Attack Complexity (AC) Low</td>
<td id="colReason-41"></td>
</tr>
<tr id="wldRow43">
<td id="colCnaVal-42" class="alert alert-warning">Privileges Required (PR) High</td>
<td id="colAlign-42" class="alert alert-warning">
<span>&ne;</span>
</td>
<td id="colNistVal-42" class="alert alert-warning">Privileges Required (PR) Low</td>
<td id="colReason-42">Attacker as &quot;user&quot; is mentioned, but not identified as high privileges</td>
</tr>
<tr id="wldRow44">
<td id="colCnaVal-43">User Interaction (UI) None</td>
<td id="colAlign-43">
</td>
<td id="colNistVal-43">User Interaction (UI) None</td>
<td id="colReason-43"></td>
</tr>
<tr id="wldRow45">
<td id="colCnaVal-44">Scope (S) Unchanged</td>
<td id="colAlign-44">
</td>
<td id="colNistVal-44">Scope (S) Unchanged</td>
<td id="colReason-44"></td>
</tr>
<tr id="wldRow46">
<td id="colCnaVal-45">Confidentiality (C) High</td>
<td id="colAlign-45">
</td>
<td id="colNistVal-45">Confidentiality (C) High</td>
<td id="colReason-45"></td>
</tr>
<tr id="wldRow47">
<td id="colCnaVal-46">Integrity (I) High</td>
<td id="colAlign-46">
</td>
<td id="colNistVal-46">Integrity (I) High</td>
<td id="colReason-46"></td>
</tr>
<tr id="wldRow48">
<td id="colCnaVal-47">Availability (A) High</td>
<td id="colAlign-47">
</td>
<td id="colNistVal-47">Availability (A) High</td>
<td id="colReason-47"></td>
</tr>
</tbody>
</table>
</div>
</div>
</div>
</div>
</main>
<footer id="footer" role="contentinfo">
<div class="container">
<div class="row">
<div class="col-sm-12">
<ul class="social-list pull-right">
<li class="field-item service-twitter list-horiz"><a
href="https://twitter.com/NISTCyber" target="_blank" rel="noopener noreferrer"
class="social-btn social-btn--large extlink ext"> <i
class="fa fa-twitter fa-fw"><span class="element-invisible">twitter</span></i><span
class="ext"><span class="element-invisible"> (link
is external)</span></span>
</a></li>
<li class="field-item service-facebook list-horiz"><a
href="https://www.facebook.com/NIST" target="_blank" rel="noopener noreferrer"
class="social-btn social-btn--large extlink ext"> <i
class="fa fa-facebook fa-fw"><span class="element-invisible">facebook</span></i><span
class="ext"><span class="element-invisible"> (link
is external)</span></span></a></li>
<li class="field-item service-linkedin list-horiz"><a
href="https://www.linkedin.com/company/nist" target="_blank" rel="noopener noreferrer"
class="social-btn social-btn--large extlink ext"> <i
class="fa fa-linkedin fa-fw"><span class="element-invisible">linkedin</span></i><span
class="ext"><span class="element-invisible"> (link
is external)</span></span></a></li>
<li class="field-item service-youtube list-horiz"><a
href="https://www.youtube.com/user/USNISTGOV" target="_blank" rel="noopener noreferrer"
class="social-btn social-btn--large extlink ext"> <i
class="fa fa-youtube fa-fw"><span class="element-invisible">youtube</span></i><span
class="ext"><span class="element-invisible"> (link
is external)</span></span></a></li>
<li class="field-item service-rss list-horiz"><a
href="https://www.nist.gov/news-events/nist-rss-feeds"
target="_blank" rel="noopener noreferrer" class="social-btn social-btn--large extlink">
<i class="fa fa-rss fa-fw"><span class="element-invisible">rss</span></i>
</a></li>
<li class="field-item service-govdelivery list-horiz last"><a
href="https://public.govdelivery.com/accounts/USNIST/subscriber/new?qsp=USNIST_3"
target="_blank" rel="noopener noreferrer" class="social-btn social-btn--large extlink ext">
<i class="fa fa-envelope fa-fw"><span
class="element-invisible">govdelivery</span></i><span class="ext"><span
class="element-invisible"> (link is external)</span></span>
</a></li>
</ul>
<span class="hidden-xs"> <a
title="National Institute of Standards and Technology" rel="home"
class="footer-nist-logo"> <img
src="/site-media/images/nist/nist-logo.png"
alt="National Institute of Standards and Technology logo" />
</a>
</span>
</div>
</div>
<div class="row hidden-sm hidden-md hidden-lg">
<div class="col-sm-12">
<a href="https://www.nist.gov"
title="National Institute of Standards and Technology" rel="home"
target="_blank" rel="noopener noreferrer" class="footer-nist-logo"> <img
src="/site-media/images/nist/nist-logo.png"
alt="National Institute of Standards and Technology logo" />
</a>
</div>
</div>
<div class="row footer-contact-container">
<div class="col-sm-6">
<strong>HEADQUARTERS</strong>
<br>
100 Bureau Drive
<br>
Gaithersburg, MD 20899
<br>
<a href="tel:301-975-2000">(301) 975-2000</a>
<br>
<br>
<a href="mailto:nvd@nist.gov">Webmaster</a> | <a
href="https://www.nist.gov/about-nist/contact-us">Contact Us</a>
| <a href="https://www.nist.gov/about-nist/visit"
style="display: inline-block;">Our Other Offices</a>
</div>
<div class="col-sm-6">
<div class="pull-right"
style="text-align:right">
<strong>Incident Response Assistance and Non-NVD Related<br>Technical Cyber Security Questions:</strong>
<br>
US-CERT Security Operations Center
<br> Email: <a href="mailto:soc@us-cert.gov">soc@us-cert.gov</a>
<br> Phone: 1-888-282-0870
</div>
</div>
</div>
<div class="row">
<nav title="Footer Navigation" role="navigation"
class="row footer-bottom-links-container">
<!-- https://github.com/usnistgov/nist-header-footer/blob/nist-pages/boilerplate-footer.html -->
<p>
<a href="https://www.nist.gov/oism/site-privacy">Site Privacy</a>
|
<a href="https://www.nist.gov/oism/accessibility">Accessibility</a>
|
<a href="https://www.nist.gov/privacy">Privacy Program</a>
|
<a href="https://www.nist.gov/oism/copyrights">Copyrights</a>
|
<a href="https://www.commerce.gov/vulnerability-disclosure-policy">Vulnerability Disclosure</a>
|
<a href="https://www.nist.gov/no-fear-act-policy">No Fear Act Policy</a>
|
<a href="https://www.nist.gov/foia">FOIA</a>
|
<a href="https://www.nist.gov/environmental-policy-statement">Environmental Policy</a>
|
<a href="https://www.nist.gov/summary-report-scientific-integrity">Scientific Integrity</a>
|
<a href="https://www.nist.gov/nist-information-quality-standards">Information Quality Standards</a>
|
<a href="https://www.commerce.gov/">Commerce.gov</a>
|
<a href="https://www.science.gov/">Science.gov</a>
|
<a href="https://www.usa.gov/">USA.gov</a>
</p>
</nav>
</div>
</div>
</footer>
</body>
</html>
Reference in a new issue View git blame Copy permalink