Attacker Value

Unknown

CVE-2022-4894

CVE ID

AttackerKB requires a CVE ID in order to pull vulnerability data and references from the CVE list and the National Vulnerability Database. If available, please supply below:

CVE ID:

Add References:

Advisory

Description: URL:

Add Another

Exploit

Description: URL:

Add Another

Mitigation

Description: URL:

Add Another

Government or Industry Alert

Description: URL:

Add Another

Miscellaneous

Description: URL:

Add Another

Attacker Value

Unknown

(0 users assessed)

Exploitability

Unknown

(0 users assessed)

User Interaction

Required

Privileges Required

Low

Attack Vector

Local

CVE-2022-4894

Disclosure Date: August 16, 2023 •

(Last updated October 08, 2023) ▾

CVE-2022-4894 CVSS v3 Base Score: 7.3

MITRE ATT&CK Log in to add MITRE ATT&CK tag

Add MITRE ATT&CK tactics and techniques that apply to this CVE.

MITRE ATT&CK

Select the MITRE ATT&CK Tactics that apply to this CVE

Collection

Select any Techniques used:

Data from Local System

Data from Removable Media

Data from Network Shared Drive

Input Capture

Input Capture: Keylogging

Input Capture: GUI Input Capture

Input Capture: Web Portal Capture

Input Capture: Credential API Hooking

Data Staged

Data Staged: Local Data Staging

Data Staged: Remote Data Staging

Screen Capture

Email Collection

Email Collection: Local Email Collection

Email Collection: Remote Email Collection

Email Collection: Email Forwarding Rule

Clipboard Data

Automated Collection

Audio Capture

Video Capture

Man in the Browser

Data from Information Repositories

Data from Information Repositories: Confluence

Data from Information Repositories: Sharepoint

Data from Cloud Storage Object

Man-in-the-Middle

Man-in-the-Middle: LLMNR/NBT-NS Poisoning and SMB Relay

Archive Collected Data

Archive Collected Data: Archive via Utility

Archive Collected Data: Archive via Library

Archive Collected Data: Archive via Custom Method

Command and Control

Select any Techniques used:

Data Obfuscation

Data Obfuscation: Junk Data

Data Obfuscation: Steganography

Data Obfuscation: Protocol Impersonation

Fallback Channels

Application Layer Protocol

Application Layer Protocol: Web Protocols

Application Layer Protocol: File Transfer Protocols

Application Layer Protocol: Mail Protocols

Application Layer Protocol: DNS

Proxy

Proxy: Internal Proxy

Proxy: External Proxy

Proxy: Multi-hop Proxy

Proxy: Domain Fronting

Communication Through Removable Media

Non-Application Layer Protocol

Web Service

Web Service: Dead Drop Resolver

Web Service: Bidirectional Communication

Web Service: One-Way Communication

Multi-Stage Channels

Ingress Tool Transfer

Data Encoding

Data Encoding: Standard Encoding

Data Encoding: Non-Standard Encoding

Traffic Signaling

Traffic Signaling: Port Knocking

Remote Access Software

Dynamic Resolution

Dynamic Resolution: Fast Flux DNS

Dynamic Resolution: Domain Generation Algorithms

Dynamic Resolution: DNS Calculation

Non-Standard Port

Protocol Tunneling

Encrypted Channel

Encrypted Channel: Symmetric Cryptography

Encrypted Channel: Asymmetric Cryptography

Credential Access

Select any Techniques used:

OS Credential Dumping

OS Credential Dumping: LSASS Memory

OS Credential Dumping: Security Account Manager

OS Credential Dumping: NTDS

OS Credential Dumping: LSA Secrets

OS Credential Dumping: Cached Domain Credentials

OS Credential Dumping: DCSync

OS Credential Dumping: Proc Filesystem

OS Credential Dumping: /etc/passwd and /etc/shadow

Network Sniffing

Input Capture

Input Capture: Keylogging

Input Capture: GUI Input Capture

Input Capture: Web Portal Capture

Input Capture: Credential API Hooking

Brute Force

Brute Force: Password Guessing

Brute Force: Password Cracking

Brute Force: Password Spraying

Brute Force: Credential Stuffing

Two-Factor Authentication Interception

Forced Authentication

Exploitation for Credential Access

Steal Application Access Token

Steal Web Session Cookie

Unsecured Credentials

Unsecured Credentials: Credentials In Files

Unsecured Credentials: Credentials in Registry

Unsecured Credentials: Bash History

Unsecured Credentials: Private Keys

Unsecured Credentials: Cloud Instance Metadata API

Unsecured Credentials: Group Policy Preferences

Credentials from Password Stores

Credentials from Password Stores: Keychain

Credentials from Password Stores: Securityd Memory

Credentials from Password Stores: Credentials from Web Browsers

Modify Authentication Process

Modify Authentication Process: Domain Controller Authentication

Modify Authentication Process: Password Filter DLL

Modify Authentication Process: Pluggable Authentication Modules

Man-in-the-Middle

Man-in-the-Middle: LLMNR/NBT-NS Poisoning and SMB Relay

Steal or Forge Kerberos Tickets

Steal or Forge Kerberos Tickets: Golden Ticket

Steal or Forge Kerberos Tickets: Silver Ticket

Steal or Forge Kerberos Tickets: Kerberoasting

Defense Evasion

Select any Techniques used:

Direct Volume Access

Rootkit

Obfuscated Files or Information

Obfuscated Files or Information: Binary Padding

Obfuscated Files or Information: Software Packing

Obfuscated Files or Information: Steganography

Obfuscated Files or Information: Compile After Delivery

Obfuscated Files or Information: Indicator Removal from Tools

Masquerading

Masquerading: Invalid Code Signature

Masquerading: Right-to-Left Override

Masquerading: Rename System Utilities

Masquerading: Masquerade Task or Service

Masquerading: Match Legitimate Name or Location

Masquerading: Space after Filename

Process Injection

Process Injection: Dynamic-link Library Injection

Process Injection: Portable Executable Injection

Process Injection: Thread Execution Hijacking

Process Injection: Asynchronous Procedure Call

Process Injection: Thread Local Storage

Process Injection: Ptrace System Calls

Process Injection: Proc Memory

Process Injection: Extra Window Memory Injection

Process Injection: Process Hollowing

Process Injection: Process Doppelgänging

Process Injection: VDSO Hijacking

Indicator Removal on Host

Indicator Removal on Host: Clear Windows Event Logs

Indicator Removal on Host: Clear Linux or Mac System Logs

Indicator Removal on Host: Clear Command History

Indicator Removal on Host: File Deletion

Indicator Removal on Host: Network Share Connection Removal

Indicator Removal on Host: Timestomp

Valid Accounts

Valid Accounts: Default Accounts

Valid Accounts: Domain Accounts

Valid Accounts: Local Accounts

Valid Accounts: Cloud Accounts

Modify Registry

Trusted Developer Utilities Proxy Execution

Trusted Developer Utilities Proxy Execution: MSBuild

Access Token Manipulation

Access Token Manipulation: Token Impersonation/Theft

Access Token Manipulation: Create Process with Token

Access Token Manipulation: Make and Impersonate Token

Access Token Manipulation: Parent PID Spoofing

Access Token Manipulation: SID-History Injection

Deobfuscate/Decode Files or Information

BITS Jobs

Indirect Command Execution

Traffic Signaling

Traffic Signaling: Port Knocking

Rogue Domain Controller

Exploitation for Defense Evasion

Signed Script Proxy Execution

Signed Script Proxy Execution: PubPrn

Signed Binary Proxy Execution

Signed Binary Proxy Execution: Compiled HTML File

Signed Binary Proxy Execution: Control Panel

Signed Binary Proxy Execution: CMSTP

Signed Binary Proxy Execution: InstallUtil

Signed Binary Proxy Execution: Mshta

Signed Binary Proxy Execution: Msiexec

Signed Binary Proxy Execution: Odbcconf

Signed Binary Proxy Execution: Regsvcs/Regasm

Signed Binary Proxy Execution: Regsvr32

Signed Binary Proxy Execution: Rundll32

XSL Script Processing

Template Injection

File and Directory Permissions Modification

File and Directory Permissions Modification: Windows File and Directory Permissions Modification

File and Directory Permissions Modification: Linux and Mac File and Directory Permissions Modification

Execution Guardrails

Execution Guardrails: Environmental Keying

Group Policy Modification

Virtualization/Sandbox Evasion

Virtualization/Sandbox Evasion: System Checks

Virtualization/Sandbox Evasion: User Activity Based Checks

Virtualization/Sandbox Evasion: Time Based Evasion

Unused/Unsupported Cloud Regions

Pre-OS Boot

Pre-OS Boot: System Firmware

Pre-OS Boot: Component Firmware

Pre-OS Boot: Bootkit

Abuse Elevation Control Mechanism

Abuse Elevation Control Mechanism: Setuid and Setgid

Abuse Elevation Control Mechanism: Bypass User Access Control

Abuse Elevation Control Mechanism: Sudo and Sudo Caching

Abuse Elevation Control Mechanism: Elevated Execution with Prompt

Use Alternate Authentication Material

Use Alternate Authentication Material: Application Access Token

Use Alternate Authentication Material: Pass the Hash

Use Alternate Authentication Material: Pass the Ticket

Use Alternate Authentication Material: Web Session Cookie

Subvert Trust Controls

Subvert Trust Controls: Gatekeeper Bypass

Subvert Trust Controls: Code Signing

Subvert Trust Controls: SIP and Trust Provider Hijacking

Subvert Trust Controls: Install Root Certificate

Modify Authentication Process

Modify Authentication Process: Domain Controller Authentication

Modify Authentication Process: Password Filter DLL

Modify Authentication Process: Pluggable Authentication Modules

Impair Defenses

Impair Defenses: Disable or Modify Tools

Impair Defenses: Disable Windows Event Logging

Impair Defenses: HISTCONTROL

Impair Defenses: Disable or Modify System Firewall

Impair Defenses: Indicator Blocking

Impair Defenses: Disable or Modify Cloud Firewall

Hide Artifacts

Hide Artifacts: Hidden Files and Directories

Hide Artifacts: Hidden Users

Hide Artifacts: Hidden Window

Hide Artifacts: NTFS File Attributes

Hide Artifacts: Hidden File System

Hide Artifacts: Run Virtual Instance

Hijack Execution Flow

Hijack Execution Flow: DLL Search Order Hijacking

Hijack Execution Flow: DLL Side-Loading

Hijack Execution Flow: Dylib Hijacking

Hijack Execution Flow: Executable Installer File Permissions Weakness

Hijack Execution Flow: LD_PRELOAD

Hijack Execution Flow: Path Interception by PATH Environment Variable

Hijack Execution Flow: Path Interception by Search Order Hijacking

Hijack Execution Flow: Path Interception by Unquoted Path

Hijack Execution Flow: Services File Permissions Weakness

Hijack Execution Flow: Services Registry Permissions Weakness

Hijack Execution Flow: COR_PROFILER

Modify Cloud Compute Infrastructure

Modify Cloud Compute Infrastructure: Create Snapshot

Modify Cloud Compute Infrastructure: Create Cloud Instance

Modify Cloud Compute Infrastructure: Delete Cloud Instance

Modify Cloud Compute Infrastructure: Revert Cloud Instance

Discovery

Select any Techniques used:

System Service Discovery

Application Window Discovery

Query Registry

System Network Configuration Discovery

Remote System Discovery

System Owner/User Discovery

Network Sniffing

Network Service Scanning

System Network Connections Discovery

Process Discovery

Permission Groups Discovery

Permission Groups Discovery: Local Groups

Permission Groups Discovery: Domain Groups

Permission Groups Discovery: Cloud Groups

System Information Discovery

File and Directory Discovery

Account Discovery

Account Discovery: Local Account

Account Discovery: Domain Account

Account Discovery: Email Account

Account Discovery: Cloud Account

Peripheral Device Discovery

System Time Discovery

Network Share Discovery

Password Policy Discovery

Browser Bookmark Discovery

Domain Trust Discovery

Virtualization/Sandbox Evasion

Virtualization/Sandbox Evasion: System Checks

Virtualization/Sandbox Evasion: User Activity Based Checks

Virtualization/Sandbox Evasion: Time Based Evasion

Software Discovery

Software Discovery: Security Software Discovery

Cloud Service Discovery

Cloud Service Dashboard

Execution

Select any Techniques used:

Windows Management Instrumentation

Scheduled Task/Job

Scheduled Task/Job: At (Linux)

Scheduled Task/Job: At (Windows)

Scheduled Task/Job: Cron

Scheduled Task/Job: Launchd

Scheduled Task/Job: Scheduled Task

Command and Scripting Interpreter

Command and Scripting Interpreter: PowerShell

Command and Scripting Interpreter: AppleScript

Command and Scripting Interpreter: Windows Command Shell

Command and Scripting Interpreter: Unix Shell

Command and Scripting Interpreter: Visual Basic

Command and Scripting Interpreter: Python

Command and Scripting Interpreter: JavaScript/JScript

Software Deployment Tools

Native API

Shared Modules

Exploitation for Client Execution

User Execution

User Execution: Malicious Link

User Execution: Malicious File

Inter-Process Communication

Inter-Process Communication: Component Object Model

Inter-Process Communication: Dynamic Data Exchange

System Services

System Services: Launchctl

System Services: Service Execution

Exfiltration

Select any Techniques used:

Exfiltration Over Other Network Medium

Exfiltration Over Other Network Medium: Exfiltration Over Bluetooth

Automated Exfiltration

Scheduled Transfer

Data Transfer Size Limits

Exfiltration Over C2 Channel

Exfiltration Over Alternative Protocol

Exfiltration Over Alternative Protocol: Exfiltration Over Symmetric Encrypted Non-C2 Protocol

Exfiltration Over Alternative Protocol: Exfiltration Over Asymmetric Encrypted Non-C2 Protocol

Exfiltration Over Alternative Protocol: Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol

Exfiltration Over Physical Medium

Exfiltration Over Physical Medium: Exfiltration over USB

Transfer Data to Cloud Account

Exfiltration Over Web Service

Exfiltration Over Web Service: Exfiltration to Code Repository

Exfiltration Over Web Service: Exfiltration to Cloud Storage

Impact

Select any Techniques used:

Data Destruction

Data Encrypted for Impact

Service Stop

Inhibit System Recovery

Defacement

Defacement: Internal Defacement

Defacement: External Defacement

Firmware Corruption

Resource Hijacking

Network Denial of Service

Network Denial of Service: Direct Network Flood

Network Denial of Service: Reflection Amplification

Endpoint Denial of Service

Endpoint Denial of Service: OS Exhaustion Flood

Endpoint Denial of Service: Service Exhaustion Flood

Endpoint Denial of Service: Application Exhaustion Flood

Endpoint Denial of Service: Application or System Exploitation

System Shutdown/Reboot

Account Access Removal

Disk Wipe

Disk Wipe: Disk Content Wipe

Disk Wipe: Disk Structure Wipe

Data Manipulation

Data Manipulation: Stored Data Manipulation

Data Manipulation: Transmitted Data Manipulation

Data Manipulation: Runtime Data Manipulation

Initial Access

Select any Techniques used:

Valid Accounts

Valid Accounts: Default Accounts

Valid Accounts: Domain Accounts

Valid Accounts: Local Accounts

Valid Accounts: Cloud Accounts

Replication Through Removable Media

External Remote Services

Drive-by Compromise

Exploit Public-Facing Application

Supply Chain Compromise

Supply Chain Compromise: Compromise Software Dependencies and Development Tools

Supply Chain Compromise: Compromise Software Supply Chain

Supply Chain Compromise: Compromise Hardware Supply Chain

Trusted Relationship

Hardware Additions

Phishing

Phishing: Spearphishing Attachment

Phishing: Spearphishing Link

Phishing: Spearphishing via Service

Lateral Movement

Select any Techniques used:

Remote Services

Remote Services: Remote Desktop Protocol

Remote Services: SMB/Windows Admin Shares

Remote Services: Distributed Component Object Model

Remote Services: SSH

Remote Services: VNC

Remote Services: Windows Remote Management

Software Deployment Tools

Taint Shared Content

Replication Through Removable Media

Exploitation of Remote Services

Internal Spearphishing

Use Alternate Authentication Material

Use Alternate Authentication Material: Application Access Token

Use Alternate Authentication Material: Pass the Hash

Use Alternate Authentication Material: Pass the Ticket

Use Alternate Authentication Material: Web Session Cookie

Remote Service Session Hijacking

Remote Service Session Hijacking: SSH Hijacking

Remote Service Session Hijacking: RDP Hijacking

Lateral Tool Transfer

Persistence

Select any Techniques used:

Boot or Logon Initialization Scripts

Boot or Logon Initialization Scripts: Logon Script (Windows)

Boot or Logon Initialization Scripts: Logon Script (Mac)

Boot or Logon Initialization Scripts: Network Logon Script

Boot or Logon Initialization Scripts: Rc.common

Boot or Logon Initialization Scripts: Startup Items

Scheduled Task/Job

Scheduled Task/Job: At (Linux)

Scheduled Task/Job: At (Windows)

Scheduled Task/Job: Cron

Scheduled Task/Job: Launchd

Scheduled Task/Job: Scheduled Task

Valid Accounts

Valid Accounts: Default Accounts

Valid Accounts: Domain Accounts

Valid Accounts: Local Accounts

Valid Accounts: Cloud Accounts

Account Manipulation

Account Manipulation: Additional Azure Service Principal Credentials

Account Manipulation: Exchange Email Delegate Permissions

Account Manipulation: Add Office 365 Global Administrator Role

Account Manipulation: SSH Authorized Keys

External Remote Services

Create Account

Create Account: Local Account

Create Account: Domain Account

Create Account: Cloud Account

Office Application Startup

Office Application Startup: Office Template Macros

Office Application Startup: Office Test

Office Application Startup: Outlook Forms

Office Application Startup: Outlook Home Page

Office Application Startup: Outlook Rules

Office Application Startup: Add-ins

Browser Extensions

BITS Jobs

Traffic Signaling

Traffic Signaling: Port Knocking

Server Software Component

Server Software Component: SQL Stored Procedures

Server Software Component: Transport Agent

Server Software Component: Web Shell

Implant Container Image

Pre-OS Boot

Pre-OS Boot: System Firmware

Pre-OS Boot: Component Firmware

Pre-OS Boot: Bootkit

Create or Modify System Process

Create or Modify System Process: Launch Agent

Create or Modify System Process: Systemd Service

Create or Modify System Process: Windows Service

Create or Modify System Process: Launch Daemon

Event Triggered Execution

Event Triggered Execution: Change Default File Association

Event Triggered Execution: Screensaver

Event Triggered Execution: Windows Management Instrumentation Event Subscription

Event Triggered Execution: .bash_profile and .bashrc

Event Triggered Execution: Trap

Event Triggered Execution: LC_LOAD_DYLIB Addition

Event Triggered Execution: Netsh Helper DLL

Event Triggered Execution: Accessibility Features

Event Triggered Execution: AppCert DLLs

Event Triggered Execution: AppInit DLLs

Event Triggered Execution: Application Shimming

Event Triggered Execution: Image File Execution Options Injection

Event Triggered Execution: PowerShell Profile

Event Triggered Execution: Emond

Event Triggered Execution: Component Object Model Hijacking

Boot or Logon Autostart Execution

Boot or Logon Autostart Execution: Registry Run Keys / Startup Folder

Boot or Logon Autostart Execution: Authentication Package

Boot or Logon Autostart Execution: Time Providers

Boot or Logon Autostart Execution: Winlogon Helper DLL

Boot or Logon Autostart Execution: Security Support Provider

Boot or Logon Autostart Execution: Kernel Modules and Extensions

Boot or Logon Autostart Execution: Re-opened Applications

Boot or Logon Autostart Execution: LSASS Driver

Boot or Logon Autostart Execution: Shortcut Modification

Boot or Logon Autostart Execution: Port Monitors

Boot or Logon Autostart Execution: Plist Modification

Compromise Client Software Binary

Hijack Execution Flow

Hijack Execution Flow: DLL Search Order Hijacking

Hijack Execution Flow: DLL Side-Loading

Hijack Execution Flow: Dylib Hijacking

Hijack Execution Flow: Executable Installer File Permissions Weakness

Hijack Execution Flow: LD_PRELOAD

Hijack Execution Flow: Path Interception by PATH Environment Variable

Hijack Execution Flow: Path Interception by Search Order Hijacking

Hijack Execution Flow: Path Interception by Unquoted Path

Hijack Execution Flow: Services File Permissions Weakness

Hijack Execution Flow: Services Registry Permissions Weakness

Hijack Execution Flow: COR_PROFILER

Privilege Escalation

Select any Techniques used:

Boot or Logon Initialization Scripts

Boot or Logon Initialization Scripts: Logon Script (Windows)

Boot or Logon Initialization Scripts: Logon Script (Mac)

Boot or Logon Initialization Scripts: Network Logon Script

Boot or Logon Initialization Scripts: Rc.common

Boot or Logon Initialization Scripts: Startup Items

Scheduled Task/Job

Scheduled Task/Job: At (Linux)

Scheduled Task/Job: At (Windows)

Scheduled Task/Job: Cron

Scheduled Task/Job: Launchd

Scheduled Task/Job: Scheduled Task

Process Injection

Process Injection: Dynamic-link Library Injection

Process Injection: Portable Executable Injection

Process Injection: Thread Execution Hijacking

Process Injection: Asynchronous Procedure Call

Process Injection: Thread Local Storage

Process Injection: Ptrace System Calls

Process Injection: Proc Memory

Process Injection: Extra Window Memory Injection

Process Injection: Process Hollowing

Process Injection: Process Doppelgänging

Process Injection: VDSO Hijacking

Exploitation for Privilege Escalation

Valid Accounts

Valid Accounts: Default Accounts

Valid Accounts: Domain Accounts

Valid Accounts: Local Accounts

Valid Accounts: Cloud Accounts

Access Token Manipulation

Access Token Manipulation: Token Impersonation/Theft

Access Token Manipulation: Create Process with Token

Access Token Manipulation: Make and Impersonate Token

Access Token Manipulation: Parent PID Spoofing

Access Token Manipulation: SID-History Injection

Group Policy Modification

Create or Modify System Process

Create or Modify System Process: Launch Agent

Create or Modify System Process: Systemd Service

Create or Modify System Process: Windows Service

Create or Modify System Process: Launch Daemon

Event Triggered Execution

Event Triggered Execution: Change Default File Association

Event Triggered Execution: Screensaver

Event Triggered Execution: Windows Management Instrumentation Event Subscription

Event Triggered Execution: .bash_profile and .bashrc

Event Triggered Execution: Trap

Event Triggered Execution: LC_LOAD_DYLIB Addition

Event Triggered Execution: Netsh Helper DLL

Event Triggered Execution: Accessibility Features

Event Triggered Execution: AppCert DLLs

Event Triggered Execution: AppInit DLLs

Event Triggered Execution: Application Shimming

Event Triggered Execution: Image File Execution Options Injection

Event Triggered Execution: PowerShell Profile

Event Triggered Execution: Emond

Event Triggered Execution: Component Object Model Hijacking

Boot or Logon Autostart Execution

Boot or Logon Autostart Execution: Registry Run Keys / Startup Folder

Boot or Logon Autostart Execution: Authentication Package

Boot or Logon Autostart Execution: Time Providers

Boot or Logon Autostart Execution: Winlogon Helper DLL

Boot or Logon Autostart Execution: Security Support Provider

Boot or Logon Autostart Execution: Kernel Modules and Extensions

Boot or Logon Autostart Execution: Re-opened Applications

Boot or Logon Autostart Execution: LSASS Driver

Boot or Logon Autostart Execution: Shortcut Modification

Boot or Logon Autostart Execution: Port Monitors

Boot or Logon Autostart Execution: Plist Modification

Abuse Elevation Control Mechanism

Abuse Elevation Control Mechanism: Setuid and Setgid

Abuse Elevation Control Mechanism: Bypass User Access Control

Abuse Elevation Control Mechanism: Sudo and Sudo Caching

Abuse Elevation Control Mechanism: Elevated Execution with Prompt

Hijack Execution Flow

Hijack Execution Flow: DLL Search Order Hijacking

Hijack Execution Flow: DLL Side-Loading

Hijack Execution Flow: Dylib Hijacking

Hijack Execution Flow: Executable Installer File Permissions Weakness

Hijack Execution Flow: LD_PRELOAD

Hijack Execution Flow: Path Interception by PATH Environment Variable

Hijack Execution Flow: Path Interception by Search Order Hijacking

Hijack Execution Flow: Path Interception by Unquoted Path

Hijack Execution Flow: Services File Permissions Weakness

Hijack Execution Flow: Services Registry Permissions Weakness

Hijack Execution Flow: COR_PROFILER

Topic Tags

Select the tags that apply to this CVE (Assessment added tags are disabled and cannot be removed)

What makes this of high-value to an attacker?

Vulnerable in default configuration

Unauthenticated

Observed in state-sponsored attacks

Observed in ransomware attacks

Gives privileged access

Easy to weaponize

Difficult to patch

Common in enterprise

CISA KEV Listed

What makes this of low-value to an attacker?

Vulnerable in uncommon configuration

Requires user interaction

Requires physical access

Requires elevated access

No useful access

Difficult to weaponize

Authenticated

Description

Certain HP and Samsung Printer software packages may potentially be vulnerable to elevation of privilege due to Uncontrolled Search Path Element.

See More See Less

Ratings & Analysis
Vulnerability Details

Add Assessment

No one has assessed this topic. Be the first to add your voice to the community.

CVSS V3 Severity and Metrics

Data provided by the National Vulnerability Database (NVD)

Base Score:

7.3 High

Impact Score:

5.9

Exploitability Score:

1.3

Vector:

CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H

Attack Vector (AV):

Local

Attack Complexity (AC):

Low

Privileges Required (PR):

Low

User Interaction (UI):

Required

Scope (S):

Unchanged

Confidentiality (C):

High

Integrity (I):

High

Availability (A):

High

General Information

Offensive Application

Unknown

Utility Class

Unknown

Ports

Unknown

Vulnerable Versions

HP and Samsung Printer software See HP Security Bulletin reference for affected versions.

Prerequisites

Unknown

Discovered By

Unknown

PoC Author

Unknown

Metasploit Module

Unknown

Reporter

Unknown

Vendors

hp,
samsung

Products

1vr14a firmware -,
209u7a firmware -,
2ky38a firmware -,
2zn49a firmware -,
2zn50a firmware -,
3a9x1a#ab1 firmware -,
3a9x2a#301 firmware -,
3a9x3a#ab1 firmware -,
3a9x4a#ab1 firmware -,
3a9x7a#ab1 firmware -,
3a9x8a#ab1 firmware -,
3b0c0a#301 firmware -,
3b0c1a#304 firmware -,
3b0c3a#ab1 firmware -,
3b0c4a#301 firmware -,
3b0c5a#ab1 firmware -,
3b0c6a#312 firmware -,
3b0c7a#301 firmware -,
3b0c8a#ab1 firmware -,
3b0c9a#304 firmware -,
3b0d1a#ab1 firmware -,
3b0d3a#301 firmware -,
4zb79a firmware -,
4zb80a firmware -,
4zb81a firmware -,
4zb82a firmware -,
4zb83a firmware -,
4zb84a firmware -,
4zb85a firmware -,
4zb86a firmware -,
4zb87a firmware -,
4zb88a firmware -,
4zb89a firmware -,
4zb90a firmware -,
4zb91a firmware -,
4zb92a firmware -,
4zb93a firmware -,
4zb94a firmware -,
4zb95a firmware -,
4zb96a firmware -,
4zb97a firmware -,
5ue14a firmware -,
5ue15a firmware -,
6hu08a firmware -,
6hu09a firmware -,
6hu10a firmware -,
6hu11a firmware -,
6hu12a firmware -,
714z6a firmware -,
714z7a firmware -,
714z8a firmware -,
714z9a firmware -,
715a0a firmware -,
715a1a firmware -,
715a2a firmware -,
715a3a firmware -,
715a4a firmware -,
715a5a firmware -,
715a6a firmware -,
7ab26a firmware -,
7fq86a#ab1 firmware -,
7fq87a#ab1 firmware -,
7fq88a#ab1 firmware -,
7fq89a#ab1 firmware -,
7fq90a#ab1 firmware -,
7fq91a#ab1 firmware -,
7fq92a#ab1 firmware -,
7fq93a#ab1 firmware -,
7fq94a#ab1 firmware -,
7fq95a#ab1 firmware -,
7fq96a#ab1 firmware -,
7fq97a#ab1 firmware -,
7fq98a#ab1 firmware -,
7fq99a#ab1 firmware -,
7fr00a#ab1 firmware -,
7fr01a#ab1 firmware -,
7fr02a#ab1 firmware -,
7fr03a#ab1 firmware -,
7fr04a#ab1 firmware -,
7fr05a#ab1 firmware -,
7gf47a#ab1 firmware -,
7gf48a#ab1 firmware -,
7gf49a#ab1 firmware -,
7gf50a#ab1 firmware -,
7gf51a#ab1 firmware -,
7gf52a#ab1 firmware -,
7gf53a#ab1 firmware -,
7gf54a#ab1 firmware -,
7gf55a#ab1 firmware -,
7uq76a firmware -,
7zb19a firmware -,
7zb20a firmware -,
7zb21a firmware -,
7zb25a firmware -,
7zb72a firmware -,
8af49a firmware -,
8af50a firmware -,
8af51a firmware -,
8af52a firmware -,
8pa10a#301 firmware -,
8pa11a#301 firmware -,
8pa12a#302 firmware -,
8pa13a#302 firmware -,
8pa14a#302 firmware -,
9vv52a firmware -,
ss027a firmware -,
ss027b firmware -,
ss027c firmware -,
ss027d firmware -,
ss027e firmware -,
ss027f firmware -,
ss027g firmware -,
ss027h firmware -,
ss027j firmware -,
ss027k firmware -,
ss027l firmware -,
ss033a firmware -,
ss033b firmware -,
ss033c firmware -,
ss033d firmware -,
ss033e firmware -,
ss033f firmware -,
ss033g firmware -,
ss033h firmware -,
ss033j firmware -,
ss033k firmware -,
ss033l firmware -,
ss033m firmware -,
ss033n firmware -,
ss041a firmware -,
ss041b firmware -,
ss041c firmware -,
ss041d firmware -,
ss041e firmware -,
ss041f firmware -,
ss041g firmware -,
ss041h firmware -,
ss041j firmware -,
ss042a firmware -,
ss042b firmware -,
ss042c firmware -,
ss042d firmware -,
ss042e firmware -,
ss042f firmware -,
ss042g firmware -,
ss042h firmware -,
ss042j firmware -,
ss043a firmware -,
ss043b firmware -,
ss043c firmware -,
ss043d firmware -,
ss043e firmware -,
ss043f firmware -,
ss043g firmware -,
ss043h firmware -,
ss043j firmware -,
ss043k firmware -,
ss043l firmware -,
ss044a firmware -,
ss044b firmware -,
ss044c firmware -,
ss044d firmware -,
ss044e firmware -,
ss044f firmware -,
ss044g firmware -,
ss044h firmware -,
ss044j firmware -,
ss044k firmware -,
ss044l firmware -,
ss044m firmware -,
ss044n firmware -,
ss049a firmware -,
ss049b firmware -,
ss049c firmware -,
ss049d firmware -,
ss049e firmware -,
ss049f firmware -,
ss049g firmware -,
ss049h firmware -,
ss049j firmware -,
ss049k firmware -,
ss049l firmware -,
ss049m firmware -,
ss049n firmware -,
ss058a firmware -,
ss058b firmware -,
ss058c firmware -,
ss058d firmware -,
ss058e firmware -,
ss058f firmware -,
ss058g firmware -,
ss058h firmware -,
ss058j firmware -,
ss059a firmware -,
ss059b firmware -,
ss059c firmware -,
ss059d firmware -,
ss059e firmware -,
ss059f firmware -,
ss059g firmware -,
ss059j firmware -,
ss075a firmware -,
ss075b firmware -,
ss075c firmware -,
ss075d firmware -,
ss075e firmware -,
ss075f firmware -,
ss075g firmware -,
ss075h firmware -,
ss075j firmware -,
ss075k firmware -,
ss076a firmware -,
ss076b firmware -,
ss076c firmware -,
ss076d firmware -,
ss076e firmware -,
ss076f firmware -,
ss076g firmware -,
ss076h firmware -,
ss076j firmware -,
ss076k firmware -,
ss076l firmware -,
ss076m firmware -,
ss076n firmware -,
ss076p firmware -,
ss076q firmware -,
ss076s firmware -,
ss076t firmware -,
ss076u firmware -,
ss076v firmware -,
ss076w firmware -,
ss076x firmware -,
ss076z firmware -,
ss102a firmware -,
ss103a firmware -,
ss104a firmware -,
ss105a firmware -,
ss105b firmware -,
ss105c firmware -,
ss105d firmware -,
ss105e firmware -,
ss105f firmware -,
ss105g firmware -,
ss105h firmware -,
ss105j firmware -,
ss106a firmware -,
ss106b firmware -,
ss106c firmware -,
ss106d firmware -,
ss106e firmware -,
ss106f firmware -,
ss106g firmware -,
ss106h firmware -,
ss106j firmware -,
ss106k firmware -,
ss106l firmware -,
ss106m firmware -,
ss106n firmware -,
ss106p firmware -,
ss106q firmware -,
ss106s firmware -,
ss106t firmware -,
ss106z firmware -,
ss107a firmware -,
ss107b firmware -,
ss107c firmware -,
ss107d firmware -,
ss107e firmware -,
ss107f firmware -,
ss107g firmware -,
ss107h firmware -,
ss107j firmware -,
ss107k firmware -,
ss107l firmware -,
ss107m firmware -,
ss107n firmware -,
ss107q firmware -,
ss108a firmware -,
ss108b firmware -,
ss108c firmware -,
ss108d firmware -,
ss108e firmware -,
ss108f firmware -,
ss108g firmware -,
ss108h firmware -,
ss108j firmware -,
ss108k firmware -,
ss108l firmware -,
ss149a firmware -,
ss150a firmware -,
ss150b firmware -,
ss150c firmware -,
ss150d firmware -,
ss150e firmware -,
ss150f firmware -,
ss150g firmware -,
ss150h firmware -,
ss150j firmware -,
ss150k firmware -,
ss150l firmware -,
ss150m firmware -,
ss150n firmware -,
ss150p firmware -,
ss150q firmware -,
ss150s firmware -,
ss150t firmware -,
ss151a firmware -,
ss151b firmware -,
ss152a firmware -,
ss152b firmware -,
ss152c firmware -,
ss152d firmware -,
ss153a firmware -,
ss153b firmware -,
ss153c firmware -,
ss153d firmware -,
ss153e firmware -,
ss153f firmware -,
ss153g firmware -,
ss153h firmware -,
ss153j firmware -,
ss153k firmware -,
ss153l firmware -,
ss154a firmware -,
ss154b firmware -,
ss195a firmware -,
ss195b firmware -,
ss196a firmware -,
ss196b firmware -,
ss196c firmware -,
ss196d firmware -,
ss196e firmware -,
ss196f firmware -,
ss196g firmware -,
ss196h firmware -,
ss197a firmware -,
ss198a firmware -,
ss199a firmware -,
ss204a firmware -,
ss204b firmware -,
ss204c firmware -,
ss204d firmware -,
ss204e firmware -,
ss204f firmware -,
ss204g firmware -,
ss204h firmware -,
ss204j firmware -,
ss204k firmware -,
ss204l firmware -,
ss204m firmware -,
ss204n firmware -,
ss204p firmware -,
ss205a firmware -,
ss205b firmware -,
ss205c firmware -,
ss205d firmware -,
ss205e firmware -,
ss205f firmware -,
ss205g firmware -,
ss205h firmware -,
ss205j firmware -,
ss205k firmware -,
ss205l firmware -,
ss205m firmware -,
ss205n firmware -,
ss205p firmware -,
ss205q firmware -,
ss205s firmware -,
ss205t firmware -,
ss205u firmware -,
ss205z firmware -,
ss209a firmware -,
ss210a firmware -,
ss210b firmware -,
ss210c firmware -,
ss210d firmware -,
ss210e firmware -,
ss210f firmware -,
ss210g firmware -,
ss210h firmware -,
ss210j firmware -,
ss210k firmware -,
ss210l firmware -,
ss210m firmware -,
ss210n firmware -,
ss211a firmware -,
ss211b firmware -,
ss211c firmware -,
ss211d firmware -,
ss211e firmware -,
ss211f firmware -,
ss211g firmware -,
ss211h firmware -,
ss211j firmware -,
ss211k firmware -,
ss211l firmware -,
ss211m firmware -,
ss211n firmware -,
ss211p firmware -,
ss212a firmware -,
ss213a firmware -,
ss213b firmware -,
ss213c firmware -,
ss213d firmware -,
ss213e firmware -,
ss213f firmware -,
ss213g firmware -,
ss213h firmware -,
ss215a firmware -,
ss216a firmware -,
ss216b firmware -,
ss216c firmware -,
ss216d firmware -,
ss216e firmware -,
ss216f firmware -,
ss216g firmware -,
ss216h firmware -,
ss216j firmware -,
ss216k firmware -,
ss216l firmware -,
ss216m firmware -,
ss216n firmware -,
ss216p firmware -,
ss216q firmware -,
ss216s firmware -,
ss216t firmware -,
ss216u firmware -,
ss216v firmware -,
ss216z firmware -,
ss217a firmware -,
ss218a firmware -,
ss218b firmware -,
ss218c firmware -,
ss218d firmware -,
ss218e firmware -,
ss218f firmware -,
ss218g firmware -,
ss218h firmware -,
ss218j firmware -,
ss218k firmware -,
ss219a firmware -,
ss219b firmware -,
ss219c firmware -,
ss219d firmware -,
ss219e firmware -,
ss219f firmware -,
ss229a firmware -,
ss229b firmware -,
ss229c firmware -,
ss229d firmware -,
ss229e firmware -,
ss229f firmware -,
ss229g firmware -,
ss229h firmware -,
ss229j firmware -,
ss230a firmware -,
ss230b firmware -,
ss230c firmware -,
ss230d firmware -,
ss230e firmware -,
ss230f firmware -,
ss230g firmware -,
ss230h firmware -,
ss230j firmware -,
ss230k firmware -,
ss230l firmware -,
ss230m firmware -,
ss230n firmware -,
ss230p firmware -,
ss230q firmware -,
ss230s firmware -,
ss230t firmware -,
ss230z firmware -,
ss231a firmware -,
ss232a firmware -,
ss233a firmware -,
ss234a firmware -,
ss235a firmware -,
ss236a firmware -,
ss237a firmware -,
ss237b firmware -,
ss254a firmware -,
ss254b firmware -,
ss254c firmware -,
ss254d firmware -,
ss254e firmware -,
ss254f firmware -,
ss254g firmware -,
ss255a firmware -,
ss255b firmware -,
ss255c firmware -,
ss256a firmware -,
ss256b firmware -,
ss256c firmware -,
ss256d firmware -,
ss256e firmware -,
ss256f firmware -,
ss256g firmware -,
ss256h firmware -,
ss256j firmware -,
ss256k firmware -,
ss256l firmware -,
ss256m firmware -,
ss256n firmware -,
ss256p firmware -,
ss256q firmware -,
ss256s firmware -,
ss256t firmware -,
ss256z firmware -,
ss257a firmware -,
ss257b firmware -,
ss257c firmware -,
ss257d firmware -,
ss257e firmware -,
ss257f firmware -,
ss257g firmware -,
ss257h firmware -,
ss257j firmware -,
ss257k firmware -,
ss257l firmware -,
ss257m firmware -,
ss257n firmware -,
ss257p firmware -,
ss257q firmware -,
ss257z firmware -,
ss258a firmware -,
ss259a firmware -,
ss260a firmware -,
ss261a firmware -,
ss262a firmware -,
ss263a firmware -,
ss263b firmware -,
ss264a firmware -,
ss265a firmware -,
ss266a firmware -,
ss267a firmware -,
ss267b firmware -,
ss268a firmware -,
ss268b firmware -,
ss271a firmware -,
ss271b firmware -,
ss271c firmware -,
ss271d firmware -,
ss271e firmware -,
ss271f firmware -,
ss271g firmware -,
ss271h firmware -,
ss271j firmware -,
ss271k firmware -,
ss271l firmware -,
ss271m firmware -,
ss271n firmware -,
ss271p firmware -,
ss271q firmware -,
ss271s firmware -,
ss271t firmware -,
ss272a firmware -,
ss272b firmware -,
ss272c firmware -,
ss272d firmware -,
ss272e firmware -,
ss272f firmware -,
ss272g firmware -,
ss272h firmware -,
ss272j firmware -,
ss272k firmware -,
ss272l firmware -,
ss272m firmware -,
ss272n firmware -,
ss272p firmware -,
ss272q firmware -,
ss272s firmware -,
ss272t firmware -,
ss272u firmware -,
ss272z firmware -,
ss273a firmware -,
ss273b firmware -,
ss274a firmware -,
ss274b firmware -,
ss275a firmware -,
ss275b firmware -,
ss275c firmware -,
ss276a firmware -,
ss276b firmware -,
ss276c firmware -,
ss277a firmware -,
ss277b firmware -,
ss278a firmware -,
ss279a firmware -,
ss280a firmware -,
ss281a firmware -,
ss281b firmware -,
ss281c firmware -,
ss282a firmware -,
ss282b firmware -,
ss282c firmware -,
ss283a firmware -,
ss284a firmware -,
ss284b firmware -,
ss285a firmware -,
ss286a firmware -,
ss287a firmware -,
ss287b firmware -,
ss288a firmware -,
ss322a firmware -,
ss322b firmware -,
ss322c firmware -,
ss323a firmware -,
ss324a firmware -,
ss325a firmware -,
ss326a firmware -,
ss326b firmware -,
ss326c firmware -,
ss326d firmware -,
ss326e firmware -,
ss327a firmware -,
ss327b firmware -,
ss327c firmware -,
ss327d firmware -,
ss328a firmware -,
ss328b firmware -,
ss329a firmware -,
ss330a firmware -,
ss330b firmware -,
ss330c firmware -,
ss331a firmware -,
ss331b firmware -,
ss332a firmware -,
ss333a firmware -,
ss334a firmware -,
ss334b firmware -,
ss334c firmware -,
ss334d firmware -,
ss334e firmware -,
ss334f firmware -,
ss335a firmware -,
ss335b firmware -,
ss335c firmware -,
ss335d firmware -,
ss335e firmware -,
ss335f firmware -,
ss335g firmware -,
ss335h firmware -,
ss336a firmware -,
ss336b firmware -,
ss337a firmware -,
ss338a firmware -,
ss339a firmware -,
ss339b firmware -,
ss339c firmware -,
ss339d firmware -,
ss339e firmware -,
ss339f firmware -,
ss339g firmware -,
ss340a firmware -,
ss340b firmware -,
ss340c firmware -,
ss340d firmware -,
ss341a firmware -,
ss342a firmware -,
ss342b firmware -,
ss342c firmware -,
ss342d firmware -,
ss342e firmware -,
ss342f firmware -,
ss342g firmware -,
ss343a firmware -,
ss343b firmware -,
ss343c firmware -,
ss343d firmware -,
ss343e firmware -,
ss343f firmware -,
ss343g firmware -,
ss343h firmware -,
ss343j firmware -,
ss343k firmware -,
ss344a firmware -,
ss344b firmware -,
ss348a firmware -,
ss348b firmware -,
ss348c firmware -,
ss349a firmware -,
ss349b firmware -,
ss349c firmware -,
ss349d firmware -,
ss349e firmware -,
ss349f firmware -,
ss350a firmware -,
ss351a firmware -,
ss352a firmware -,
ss352b firmware -,
ss352c firmware -,
ss352d firmware -,
ss352e firmware -,
ss352f firmware -,
ss352g firmware -,
ss352h firmware -,
ss352j firmware -,
ss352k firmware -,
ss352l firmware -,
ss352m firmware -,
ss352n firmware -,
ss352p firmware -,
ss352q firmware -,
ss352s firmware -,
ss353a firmware -,
ss353b firmware -,
ss353c firmware -,
ss353d firmware -,
ss353e firmware -,
ss353f firmware -,
ss353g firmware -,
ss353h firmware -,
ss353j firmware -,
ss353k firmware -,
ss354a firmware -,
ss355a firmware -,
ss356a firmware -,
ss357a firmware -,
ss359a firmware -,
ss359b firmware -,
ss359c firmware -,
ss359d firmware -,
ss359e firmware -,
ss359f firmware -,
ss359g firmware -,
ss359h firmware -,
ss359j firmware -,
ss359k firmware -,
ss359l firmware -,
ss359m firmware -,
ss359n firmware -,
ss359p firmware -,
ss359q firmware -,
ss359z firmware -,
ss365a firmware -,
ss365b firmware -,
ss365c firmware -,
ss365d firmware -,
ss365e firmware -,
ss365f firmware -,
ss365g firmware -,
ss365h firmware -,
ss365j firmware -,
ss365k firmware -,
ss365l firmware -,
ss365m firmware -,
ss366a firmware -,
ss367a firmware -,
ss367b firmware -,
ss367c firmware -,
ss367d firmware -,
ss367e firmware -,
ss367f firmware -,
ss368a firmware -,
ss368b firmware -,
ss368c firmware -,
ss368d firmware -,
ss368e firmware -,
ss368f firmware -,
ss368g firmware -,
ss368h firmware -,
ss368j firmware -,
ss369a firmware -,
ss369b firmware -,
ss369c firmware -,
ss369d firmware -,
ss369e firmware -,
ss370a firmware -,
ss377a firmware -,
ss377b firmware -,
ss377c firmware -,
ss377d firmware -,
ss377e firmware -,
ss377f firmware -,
ss377g firmware -,
ss377h firmware -,
ss377j firmware -,
ss377k firmware -,
ss377l firmware -,
ss377m firmware -,
ss377n firmware -,
ss377p firmware -,
ss378a firmware -,
ss378b firmware -,
ss378c firmware -,
ss378c#304 firmware -,
ss378d firmware -,
ss378e firmware -,
ss378f firmware -,
ss378g firmware -,
ss378h firmware -,
ss378j firmware -,
ss378k firmware -,
ss379a firmware -,
ss379b firmware -,
ss380a firmware -,
ss380b firmware -,
ss380c firmware -,
ss381a firmware -,
ss382a firmware -,
ss383a firmware -,
ss383b firmware -,
ss383c firmware -,
ss383d firmware -,
ss383e firmware -,
ss383f firmware -,
ss383g firmware -,
ss383h firmware -,
ss383j firmware -,
ss383k firmware -,
ss383l firmware -,
ss383m firmware -,
ss383n firmware -,
ss383p firmware -,
ss383q firmware -,
ss383s firmware -,
ss383t firmware -,
ss383u firmware -,
ss383v firmware -,
ss383w firmware -,
ss383x firmware -,
ss383y firmware -,
ss383z firmware -,
ss384a firmware -,
ss384b firmware -,
ss384c firmware -,
ss384d firmware -,
ss384e firmware -,
ss385a firmware -,
ss386a firmware -,
ss386b firmware -,
ss386c firmware -,
ss386d firmware -,
ss386e firmware -,
ss386f firmware -,
ss387a firmware -,
ss387b firmware -,
ss388a firmware -,
ss388b firmware -,
ss388c firmware -,
ss388d firmware -,
ss388e firmware -,
ss388f firmware -,
ss388g firmware -,
ss388h firmware -,
ss388j firmware -,
ss388k firmware -,
ss388l firmware -,
ss389a firmware -,
ss389b firmware -,
ss389c firmware -,
ss389d firmware -,
ss389e firmware -,
ss389f firmware -,
ss389g firmware -,
ss389h firmware -,
ss389j firmware -,
ss389k firmware -,
ss389l firmware -,
ss389m firmware -,
ss389n firmware -,
ss389p firmware -,
ss389q firmware -,
ss389s firmware -,
ss389t firmware -,
ss389u firmware -,
ss389v firmware -,
ss389z firmware -,
ss390a firmware -,
ss390b firmware -,
ss390c firmware -,
ss390d firmware -,
ss390e firmware -,
ss390f firmware -,
ss390g firmware -,
ss390h firmware -,
ss391a firmware -,
ss391b firmware -,
ss391c firmware -,
ss391d firmware -,
ss391e firmware -,
ss391f firmware -,
ss392a firmware -,
ss392b firmware -,
ss392c firmware -,
ss393a firmware -,
ss393b firmware -,
ss393c firmware -,
ss394a firmware -,
ss395a firmware -,
ss395b firmware -,
ss395c firmware -,
ss395d firmware -,
ss395e firmware -,
ss395f firmware -,
ss395g firmware -,
ss395h firmware -,
ss395j firmware -,
ss395k firmware -,
ss395l firmware -,
ss395m firmware -,
ss395n firmware -,
ss395p firmware -,
ss395q firmware -,
ss395s firmware -,
ss395t firmware -,
ss396a firmware -,
ss396b firmware -,
ss396c firmware -,
ss396d firmware -,
ss396e firmware -,
ss396f firmware -,
ss396g firmware -,
ss396h firmware -,
ss397a firmware -,
ss397b firmware -,
ss397c firmware -,
ss397d firmware -,
ss397e firmware -,
ss397f firmware -,
ss397g firmware -,
ss397h firmware -,
ss397j firmware -,
ss397k firmware -,
ss397l firmware -,
ss397m firmware -,
ss397n firmware -,
ss397p firmware -,
ss397q firmware -,
ss398a firmware -,
ss398b firmware -,
ss398c firmware -,
ss398d firmware -,
ss398e firmware -,
ss398f firmware -,
ss398g firmware -,
ss404a firmware -,
ss404b firmware -,
ss404c firmware -,
ss404d firmware -,
ss404e firmware -,
ss404f firmware -,
ss404g firmware -,
ss404h firmware -,
ss404j firmware -,
ss404k firmware -,
ss404l firmware -,
ss404m firmware -,
ss404n firmware -,
ss404p firmware -,
ss404q firmware -,
ss404z firmware -,
st673a firmware -,
st673b firmware -,
st673c firmware -,
st673d firmware -,
st679a firmware -,
st679b firmware -,
st679c firmware -,
st679d firmware -,
st679e firmware -,
st679f firmware -,
st679g firmware -,
st679h firmware -,
st682a firmware -,
st682b firmware -,
st682c firmware -,
st683a firmware -,
st683b firmware -,
st683c firmware -,
st683d firmware -,
st683e firmware -,
st684a firmware -,
st684b firmware -,
st685a firmware -,
st686a firmware -,
st686b firmware -,
st686c firmware -,
st686d firmware -,
st686e firmware -,
st686f firmware -,
st686g firmware -,
st686h firmware -,
st687a firmware -,
st688a firmware -,
st688b firmware -,
st688c firmware -,
st688d firmware -,
st688e firmware -,
st688f firmware -,
st688g firmware -,
st688h firmware -,
st688j firmware -,
st689a firmware -,
st690a firmware -,
st690b firmware -,
st690c firmware -,
st690d firmware -,
st693a firmware -,
st693b firmware -,
st693c firmware -,
st693d firmware -,
st694a firmware -,
st694b firmware -,
st694c firmware -,
st694d firmware -,
st695a firmware -,
st695b firmware -,
st695c firmware -,
st695d firmware -,
sv531a firmware -,
sv899c firmware -,
sv899d firmware -,
sv901b firmware -,
sw112b firmware -,
sw116b firmware -,
sw176a firmware -,
sw176b firmware -,
sw176c firmware -,
sw192a firmware -,
w7u01a firmware -,
w7u02a firmware -

References

Canonical

CVE-2022-4894 (https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-4894)

Miscellaneous

https://support.hp.com/us-en/document/ish_8947379-8947403-16/hpsbpi03857

Additional Info

Authenticated

Unknown

Exploitable

Unknown

Reliability

Unknown

Stability

Unknown

Available Mitigations

Unknown

Shelf Life

Unknown

Userbase/Installbase

Unknown

Patch Effectiveness

Unknown

Rapid7

Technical Analysis

Report as Emergent Threat Response

Please provide the link to the ETR blog if available.

Add a reference URL (optional):

Report as Zero-day Exploit

Please provide the link to the zero-day exploit reference.

Note: The source link you provide will create a new misc reference if it doesn't already exist.

Add a reference URL (optional):

Report as Exploited in the Wild

AttackerKB users want to know this is information they can trust.
Help the community by indicating the source(s) of your knowledge:

Vendor Advisory

Add a reference URL (required):

Please provide a link to the Vendor Advisory.
Government or Industry Alert

Add a reference URL (required):

Please provide a link to the Government or Industry Alert.
Threat Feed

Add a reference URL (required):

Please provide a link to the Threat Feed.
News Article or Blog

Add a reference URL (required):

Please provide a link to the News Reference.
Exploitation personally observed in an environment (client, customer, employer, or personal environment)

Add a reference URL (required):

Please provide a link or create an assessment as evidence to support your personal observation claim.
Other:

Please explain the source of your report.

Add a reference URL (required):

Please provide a link or create an assessment as evidence of the source of your report.

CVE ID

AttackerKB requires a CVE ID in order to pull vulnerability data and references from the CVE list and the National Vulnerability Database. If available, please supply below:

CVE ID:

Unknown

CVE-2022-4894

Unknown

Unknown

Required

Low

Local

CVE-2022-4894

Description

Add Assessment

CVSS V3 Severity and Metrics

General Information

Vendors

Products

References

Canonical

Miscellaneous

Additional Info

Technical Analysis

Quick Cookie Notification