CVE-2022-39850: In the mom_container_policy service, improper access control allows unauthorized read of configuration data.

This issue was discovered during a penetration test. The service is available on public cloud service providers in versions prior to Oct-2022 release 1.

Impact: Unauthorized access to configuration data.

Attack vector: Unauthorized access to configuration data.

Secunia Advisory ID: SS19353
CVE: CVE-2019-2325

Improper access control in the mum_container_policy service prior to SMR Oct-2022 Release 1 allows unauthorized read of configuration data.

Exploitation: Remote
Severity: Critical - CVSS Base Score: 8.8
Confidence: Medium - High
Impact: System access allowed. By compromising the security of a running system, an attacker can access data that could lead to a variety of consequences, from identity theft and financial loss to physical threats like kidnapping or assault.
Detection scenario: On a cloud hosting service provider's platform, the service is enabled and a version prior to Oct-2022 release 1 was discovered.

Vulnerability Scenario:

The service is available on public cloud service providers in versions prior to Oct-2022 release 1.

Timeline

Published on: 10/07/2022 15:15:00 UTC
Last modified on: 10/08/2022 13:09:00 UTC
