Details of VAR-202206-1464

ID

VAR-202206-1464

CVE

CVE-2022-26669

TITLE

ASUS Control Center SQL Injection vulnerability

Trust: 0.6

sources: CNNVD: CNNVD-202206-2017

DESCRIPTION

ASUS Control Center is vulnerable to SQL injection. An authenticated remote attacker with general user privilege can inject SQL command to specific API parameters to acquire database schema or access data. The software can monitor and control ASUS servers and workstations

Trust: 1.08

sources: NVD: CVE-2022-26669 // VULHUB: VHN-417338 // VULMON: CVE-2022-26669

AFFECTED PRODUCTS

vendor:

asus

model:

control center

scope:

version:

1.4.2.5

Trust: 1.0

sources: NVD: CVE-2022-26669

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2022-26669
value:	MEDIUM
Trust: 1.0
twcert@cert.org.tw:	CVE-2022-26669
value:	HIGH
Trust: 1.0
CNNVD:	CNNVD-202206-2017
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-417338
value:	MEDIUM
Trust: 0.1
VULMON:	CVE-2022-26669
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2022-26669
severity:	MEDIUM
baseScore:	4.0
vectorString:	AV:N/AC:L/AU:S/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	8.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.1
VULHUB:	VHN-417338
severity:	MEDIUM
baseScore:	4.0
vectorString:	AV:N/AC:L/AU:S/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	8.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2022-26669
baseSeverity:	MEDIUM
baseScore:	6.5
vectorString:	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	2.8
impactScore:	3.6
version:	3.1
Trust: 1.0
twcert@cert.org.tw:	CVE-2022-26669
baseSeverity:	HIGH
baseScore:	8.8
vectorString:	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	2.8
impactScore:	5.9
version:	3.1
Trust: 1.0

sources: VULHUB: VHN-417338 // VULMON: CVE-2022-26669 // CNNVD: CNNVD-202206-2017 // NVD: CVE-2022-26669 // NVD: CVE-2022-26669

PROBLEMTYPE DATA

problemtype:

CWE-89

Trust: 1.1

sources: VULHUB: VHN-417338 // NVD: CVE-2022-26669

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202206-2017

TYPE

SQL injection

Trust: 0.6

sources: CNNVD: CNNVD-202206-2017

PATCH

title:

ASUS Control Center SQL Repair measures for injecting vulnerabilities

url:

http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=197756

Trust: 0.6

sources: CNNVD: CNNVD-202206-2017

EXTERNAL IDS

db:	NVD	id:	CVE-2022-26669	Trust: 1.8
db:	CNNVD	id:	CNNVD-202206-2017	Trust: 0.6
db:	CNVD	id:	CNVD-2022-62186	Trust: 0.1
db:	VULHUB	id:	VHN-417338	Trust: 0.1
db:	VULMON	id:	CVE-2022-26669	Trust: 0.1

sources: VULHUB: VHN-417338 // VULMON: CVE-2022-26669 // CNNVD: CNNVD-202206-2017 // NVD: CVE-2022-26669

REFERENCES

url:	https://www.twcert.org.tw/tw/cp-132-6056-b0d90-1.html	Trust: 1.8
url:	https://cxsecurity.com/cveshow/cve-2022-26669/	Trust: 0.6
url:	https://cwe.mitre.org/data/definitions/89.html	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1

sources: VULHUB: VHN-417338 // VULMON: CVE-2022-26669 // CNNVD: CNNVD-202206-2017 // NVD: CVE-2022-26669

SOURCES

db:	VULHUB	id:	VHN-417338
db:	VULMON	id:	CVE-2022-26669
db:	CNNVD	id:	CNNVD-202206-2017
db:	NVD	id:	CVE-2022-26669

LAST UPDATE DATE

2024-08-14T15:42:23.130000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-417338	date:	2022-06-27T00:00:00
db:	VULMON	id:	CVE-2022-26669	date:	2022-06-27T00:00:00
db:	CNNVD	id:	CNNVD-202206-2017	date:	2022-07-01T00:00:00
db:	NVD	id:	CVE-2022-26669	date:	2022-06-27T18:45:05.067

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-417338	date:	2022-06-20T00:00:00
db:	VULMON	id:	CVE-2022-26669	date:	2022-06-20T00:00:00
db:	CNNVD	id:	CNNVD-202206-2017	date:	2022-06-20T00:00:00
db:	NVD	id:	CVE-2022-26669	date:	2022-06-20T06:15:08.903