← Retour aux CVEs

CVE-2022-31887

CRITICAL

9.8

Description

Marval MSM v14.19.0.12476 has a 0-Click Account Takeover vulnerability which allows an attacker to change any user's password in the organization, this means that the user can also escalate achieve Privilege Escalation by changing the administrator password.

Details CVE

Score CVSS v3.19.8

SeveriteCRITICAL

Vecteur CVSSCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Vecteur d'attaqueNETWORK

ComplexiteLOW

Privileges requisNONE

Interaction utilisateurNONE

Publie6/28/2022

Derniere modification11/21/2024

Sourcenvd

Observations honeypot0

Produits affectes

marvalglobal:marval_msm

Faiblesses (CWE)

CWE-522

References

https://cyber-guy.gitbook.io/cyber-guy/pocs/marval-msm/0-click-account-takeover(cve@mitre.org)

https://drive.google.com/drive/folders/12nb9KvckzhUNv4RtjlaeZi8QeFqwvkMX?usp=sharing(cve@mitre.org)

https://marvalglobal.com/(cve@mitre.org)

https://cyber-guy.gitbook.io/cyber-guy/pocs/marval-msm/0-click-account-takeover(af854a3a-2127-422b-91ae-364da2661108)

https://drive.google.com/drive/folders/12nb9KvckzhUNv4RtjlaeZi8QeFqwvkMX?usp=sharing(af854a3a-2127-422b-91ae-364da2661108)

https://marvalglobal.com/(af854a3a-2127-422b-91ae-364da2661108)

Correlations IOC

Aucune correlation enregistree

This product uses data from the NVD API but is not endorsed or certified by the NVD.