← Back

CVE-2022-3090

nvd nist
Published: Nov 17, 2022Modified: Nov 21, 2024

JSON object

Loading...
5.3
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Exploitability: 3.9 / Impact: 1.4
Source: NVD

Description

Red Lion Controls Crimson 3.0 versions 707.000 and prior, Crimson 3.1 versions 3126.001 and prior, and Crimson 3.2 versions 3.2.0044.0 and prior are vulnerable to path traversal. When attempting to open a file using a specific path, the user's password hash is sent to an arbitrary host. This could allow an attacker to obtain user credential hashes.

Affected (121)

Products: Redlion: Crimson
Redlion
1 product
Crimson
Configuration A
121 vulnerable
Vulnerable SoftwareAffected Versions
Redlion
Crimson
Before 3.0
Crimson
Version 3.0
Crimson
Version 3.0 build_477.003
Crimson
Version 3.0 build_493.003
Crimson
Version 3.0 build_493.004
Crimson
Version 3.0 build_493.005
Crimson
Version 3.0 build_502.000
Crimson
Version 3.0 build_502.001
Crimson
Version 3.0 build_502.003
Crimson
Version 3.0 build_515.002
Crimson
Version 3.0 build_515.003
Crimson
Version 3.0 build_523.003
Crimson
Version 3.0 build_530.000
Crimson
Version 3.0 build_530.001
Crimson
Version 3.0 build_530.002
Crimson
Version 3.0 build_530.003
Crimson
Version 3.0 build_548.001
Crimson
Version 3.0 build_548.005
Crimson
Version 3.0 build_573.001
Crimson
Version 3.0 build_573.002
Crimson
Version 3.0 build_579.001
Crimson
Version 3.0 build_579.003
Crimson
Version 3.0 build_582.000
Crimson
Version 3.0 build_582.001
Crimson
Version 3.0 build_582.003
Crimson
Version 3.0 build_582.004
Crimson
Version 3.0 build_599.000
Crimson
Version 3.0 build_599.001
Crimson
Version 3.0 build_603.000
Crimson
Version 3.0 build_605.002
Crimson
Version 3.0 build_615.004
Crimson
Version 3.0 build_619.002
Crimson
Version 3.0 build_619.004
Crimson
Version 3.0 build_624.000
Crimson
Version 3.0 build_624.005
Crimson
Version 3.0 build_635.000
Crimson
Version 3.0 build_635.001
Crimson
Version 3.0 build_639.000
Crimson
Version 3.0 build_640.000
Crimson
Version 3.0 build_640.001
Crimson
Version 3.0 build_640.002
Crimson
Version 3.0 build_647.002
Crimson
Version 3.0 build_657.001
Crimson
Version 3.0 build_657.003
Crimson
Version 3.0 build_662.002
Crimson
Version 3.0 build_662.006
Crimson
Version 3.0 build_675.000
Crimson
Version 3.0 build_678.002
Crimson
Version 3.0 build_683.000
Crimson
Version 3.0 build_683.001
Crimson
Version 3.0 build_683.002
Crimson
Version 3.0 build_690.001
Crimson
Version 3.0 build_690.002
Crimson
Version 3.0 build_693.000
Crimson
Version 3.0 build_694.000
Crimson
Version 3.0 build_697.001
Crimson
Version 3.0 build_697.002
Crimson
Version 3.0 build_697.003
Crimson
Version 3.0 build_700.000
Crimson
Version 3.0 build_702.002
Crimson
Version 3.0 build_702.004
Crimson
Version 3.0 build_703.001
Crimson
Version 3.0 build_705.000
Crimson
Version 3.0 build_707.000
Crimson
Version 3.1
Crimson
Version 3.1 build_3100.000
Crimson
Version 3.1 build_3100.002
Crimson
Version 3.1 build_3100.003
Crimson
Version 3.1 build_3100.008
Crimson
Version 3.1 build_3100.009
Crimson
Version 3.1 build_3100.010
Crimson
Version 3.1 build_3101.001
Crimson
Version 3.1 build_3104.000
Crimson
Version 3.1 build_3106.000
Crimson
Version 3.1 build_3106.004
Crimson
Version 3.1 build_3108.002
Crimson
Version 3.1 build_3108.004
Crimson
Version 3.1 build_3109.003
Crimson
Version 3.1 build_3109.004
Crimson
Version 3.1 build_3110.000
Crimson
Version 3.1 build_3110.002
Crimson
Version 3.1 build_3110.004
Crimson
Version 3.1 build_3111.000
Crimson
Version 3.1 build_3112.000
Crimson
Version 3.1 build_3113.000
Crimson
Version 3.1 build_3114.002
Crimson
Version 3.1 build_3115.006
Crimson
Version 3.1 build_3115.008
Crimson
Version 3.1 build_3115.009
Crimson
Version 3.1 build_3116.000
Crimson
Version 3.1 build_3119.001
Crimson
Version 3.1 build_3119.002
Crimson
Version 3.1 build_3120.000
Crimson
Version 3.1 build_3120.001
Crimson
Version 3.1 build_3121.000
Crimson
Version 3.1 build_3122.000
Crimson
Version 3.1 build_3122.001
Crimson
Version 3.1 build_3123.000
Crimson
Version 3.1 build_3123.001
Crimson
Version 3.1 build_3124.000
Crimson
Version 3.1 build_3125.003
Crimson
Version 3.1 build_3125.006
Crimson
Version 3.1 build_3125.007
Crimson
Version 3.1 build_3126.000
Crimson
Version 3.1 build_3126.001
Crimson
Version 3.2
Crimson
Version 3.2 build_3.2.0008.0
Crimson
Version 3.2 build_3.2.0014.0
Crimson
Version 3.2 build_3.2.0015.0
Crimson
Version 3.2 build_3.2.0016.0
Crimson
Version 3.2 build_3.2.0020.0
Crimson
Version 3.2 build_3.2.0021.0
Crimson
Version 3.2 build_3.2.0025.0
Crimson
Version 3.2 build_3.2.0026.0
Crimson
Version 3.2 build_3.2.0030.0
Crimson
Version 3.2 build_3.2.0031.0
Crimson
Version 3.2 build_3.2.0035.0
Crimson
Version 3.2 build_3.2.0036.0
Crimson
Version 3.2 build_3.2.0040.0
Crimson
Version 3.2 build_3.2.0041.0
Crimson
Version 3.2 build_3.2.0044.0

Related CWEs

CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.

References (2)

Source: ics-cert@hq.dhs.gov
Third Party AdvisoryUS Government Resource
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party AdvisoryUS Government Resource

Timeline

No history available yet.