Arbitrary Account Creation in INTELBRAS SG 2404 Managed Switch
CVE-2022-43308

7.8HIGH

Key Information:

Vendor
Intelbras
Status
Sg 2404 Poe Firmware
Vendor
CVE Published:
18 November 2022

Summary

The INTELBRAS SG 2404 Managed Switch has a significant vulnerability that allows authenticated attackers to create Administrator accounts at will by manipulating user cookies. This could lead to unauthorized access and control over the network device, posing risks to the overall security and integrity of the network environment.

References

https://github.com/vitorespf/Advisories/blob/master/Intel...
https://www.intelbras.com/pt-br/switch-gerenciavel-24-por...

CVSS V3.1

Score:
7.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.