CVE-2022-45963

Published: Dec 27, 2022Modified: Apr 11, 2025

9.8

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability: 3.9 / Impact: 5.9

Source: NVD

Description

h3c firewall <= 3.10 ESS6703 has a privilege bypass vulnerability.

Affected (11)

Products: H3c: Secpath F5030 Firmware, Secpath F5060 Firmware, Secpath F5080 Firmware, Secpath F5030 D Firmware, Secpath F5060 D Firmware, Secpath F5080 D Firmware, Secpath F500 6gw Firmware, Secpath F5010 Firmware, Secpath F5020 Firmware, Secpath F5040 Firmware, Secpath F100 C G3 Firmware

11 products

Secpath F5030 Firmware

Secpath F5060 Firmware

Secpath F5080 Firmware

Secpath F5030 D Firmware

Secpath F5060 D Firmware

Secpath F5080 D Firmware

Secpath F500 6gw Firmware

Secpath F5010 Firmware

Secpath F5020 Firmware

Secpath F5040 Firmware

Secpath F100 C G3 Firmware

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
H3c Secpath F5030 Firmware	Up to 3.10_ess6703

Running on/with	Platform Versions
H3c Secpath F5030	All versions

Configuration B

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
H3c Secpath F5060 Firmware	Up to 3.10_ess6703

Running on/with	Platform Versions
H3c Secpath F5060	All versions

Configuration C

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
H3c Secpath F5080 Firmware	Up to 3.10_ess6703

Running on/with	Platform Versions
H3c Secpath F5080	All versions

Configuration D

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
H3c Secpath F5030 D Firmware	Up to 3.10_ess6703

Running on/with	Platform Versions
H3c Secpath F5030 D	All versions

Configuration E

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
H3c Secpath F5060 D Firmware	Up to 3.10_ess6703

Running on/with	Platform Versions
H3c Secpath F5060 D	All versions

Configuration F

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
H3c Secpath F5080 D Firmware	Up to 3.10_ess6703

Running on/with	Platform Versions
H3c Secpath F5080 D	All versions

Configuration G

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
H3c Secpath F500 6gw Firmware	Up to 3.10_ess6703

Running on/with	Platform Versions
H3c Secpath F500 6gw	All versions

Configuration H

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
H3c Secpath F5010 Firmware	Up to 3.10_ess6703

Running on/with	Platform Versions
H3c Secpath F5010	All versions

Configuration I

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
H3c Secpath F5020 Firmware	Up to 3.10_ess6703

Running on/with	Platform Versions
H3c Secpath F5020	All versions

Configuration J

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
H3c Secpath F5040 Firmware	Up to 3.10_ess6703

Running on/with	Platform Versions
H3c Secpath F5040	All versions

Configuration K

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
H3c Secpath F100 C G3 Firmware	Up to 3.10_ess6703

Running on/with	Platform Versions
H3c Secpath F100 C G3	All versions

Related CWEs

Improper Privilege Management

The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.

References (2)

https://gist.github.com/yinfei6/fc6478328f8c2e2bf62a631a81afb265

Source: cve@mitre.org

Third Party Advisory

https://gist.github.com/yinfei6/fc6478328f8c2e2bf62a631a81afb265

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

Timeline

No history available yet.