CVE-2022-43485 Vulnerability Details

  /     /     /  

CVE-2022-43485 Metadata Quick Info

CVE Published: 30/05/2023 | CVE Updated: 03/08/2024 | CVE Year: 2022
Source: Honeywell | Vendor: Honeywell | Product: OneWireless
Status : PUBLISHED

CVE-2022-43485 Description

Use of Insufficiently Random Values in Honeywell OneWireless. This vulnerability may allow attacker to manipulate claims in client\'s JWT token. This issue affects OneWireless version 322.1

Metrics

CVSS Version: 3.1 | Base Score: 6.2 MEDIUM
Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:N/I:H/A:N

l➤ Exploitability Metrics:
    Attack Vector (AV)* NETWORK
    Attack Complexity (AC)* LOW
    Privileges Required (PR)* HIGH
    User Interaction (UI)* REQUIRED
    Scope (S)* CHANGED

l➤ Impact Metrics:
    Confidentiality Impact (C)* NONE
    Integrity Impact (I)* HIGH
    Availability Impact (A)* NONE

Weakness Enumeration (CWE)

CWE-ID: CWE-330
CWE Name: CWE-330: Use of Insufficiently Random Values
Source: Honeywell

Common Attack Pattern Enumeration and Classification (CAPEC)

CAPEC-ID: CAPEC-39
CAPEC Description: CAPEC-39 Manipulating Opaque Client-based Data Tokens


Source: NVD (National Vulnerability Database).

Last added CVEs

▸ CVE-2024-9999 ◂
Discovered: 12/11/2024
Status: PUBLISHED
▸ CVE-2024-9997 ◂
Discovered: 29/10/2024
Status: PUBLISHED
▸ CVE-2024-9996 ◂
Discovered: 29/10/2024
Status: PUBLISHED



Tags:
CVE-2022-43485 Vulnerability Details