CVE-2022-31125
CRITICAL 10.0
Description
Roxy-wi is an open source web interface for managing Haproxy, Nginx, Apache and Keepalived servers. A vulnerability in Roxy-wi allows a remote, unauthenticated attacker to bypass authentication and access admin functionality by sending a specially crafted HTTP request. This affects Roxywi versions before 6.1.1.0. Users are advised to upgrade. There are no known workarounds for this issue.
CVE details
CVSS v3.1 score: 10.0
Severity: CRITICAL
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:L
Attack vector: NETWORK
Complexity: LOW
Privileges required: NONE
User interaction: NONE
Published: 7/6/2022
Last modified: 11/21/2024
Source: nvd
Honeypot sightings: 0
Affected products
roxy-wi:roxy-wi
Weaknesses (CWE)
CWE-287
References
http://packetstormsecurity.com/files/171648/Roxy-WI-6.1.0.0-Improper-Authentication-Control.html (security-advisories@github.com)
https://github.com/hap-wi/roxy-wi/security/advisories/GHSA-hr76-3hxp-5mm3 (security-advisories@github.com)
http://packetstormsecurity.com/files/171648/Roxy-WI-6.1.0.0-Improper-Authentication-Control.html (af854a3a-2127-422b-91ae-364da2661108)
https://github.com/hap-wi/roxy-wi/security/advisories/GHSA-hr76-3hxp-5mm3 (af854a3a-2127-422b-91ae-364da2661108)
IOC correlations
No correlations recorded
This product uses data from the NVD API but is not endorsed or certified by the NVD.