CVE-2022-44565 - Vulnerability Details - OpenCVE

An improper access validation vulnerability exists in airMAX AC <8.7.11, airFiber 60/LR <2.6.2, airFiber 60 XG/HD <v1.0.0 and airFiber GBE <1.4.1 that allows a malicious actor to retrieve status and usage data from the UISP device.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact Low

Integrity Impact None

Availability Impact None

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation none

Automatable yes

Technical Impact partial

Vendors	Products
Ui	Airfiber 60 Airfiber 60-hd Airfiber 60-hd Firmware Airfiber 60-lr Airfiber 60-lr Firmware Airfiber 60-xg Airfiber 60-xg Firmware Airfiber 60 Firmware Airfiber Gigabeam Airfiber Gigabeam Firmware Airmax Ac Airmax Ac Firmware

Configuration 1 [-]

AND

cpe:2.3:o:ui:airfiber_gigabeam_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:ui:airfiber_gigabeam:-:*:*:*:*:*:*:*

Configuration 2 [-]

AND

cpe:2.3:o:ui:airfiber_60-xg_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:ui:airfiber_60-xg:-:*:*:*:*:*:*:*

Configuration 3 [-]

AND

cpe:2.3:o:ui:airfiber_60-hd_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:ui:airfiber_60-hd:-:*:*:*:*:*:*:*

Configuration 4 [-]

AND

cpe:2.3:o:ui:airfiber_60-lr_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:ui:airfiber_60-lr:-:*:*:*:*:*:*:*

Configuration 5 [-]

AND

cpe:2.3:o:ui:airmax_ac_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:ui:airmax_ac:-:*:*:*:*:*:*:*

Configuration 6 [-]

AND

cpe:2.3:o:ui:airfiber_60_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:ui:airfiber_60:-:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://community.ui.com/releases/Security-Advisory-Bulletin-027-027/123e4577-9f00-4777-abe1-64a1d56fee05

History

Tue, 15 Apr 2025 15:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

MITRE

Status: PUBLISHED

Assigner: hackerone

Published: 2022-12-23T00:00:00.000Z

Updated: 2025-04-15T14:20:27.057Z

Reserved: 2022-11-01T00:00:00.000Z

Link: CVE-2022-44565

Vulnrichment

Updated: 2024-08-03T13:54:03.925Z

NVD

Status : Modified

Published: 2022-12-23T15:15:15.847

Modified: 2025-04-15T15:16:00.450

Link: CVE-2022-44565

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2022-44565", "assignerOrgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1", "assignerShortName": "hackerone", "dateUpdated": "2025-04-15T14:20:27.057Z", "dateReserved": "2022-11-01T00:00:00.000Z", "datePublished": "2022-12-23T00:00:00.000Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1", "shortName": "hackerone", "dateUpdated": "2022-12-23T00:00:00.000Z"}, "descriptions": [{"lang": "en", "value": "An improper access validation vulnerability exists in airMAX AC <8.7.11, airFiber 60/LR <2.6.2, airFiber 60 XG/HD <v1.0.0 and airFiber GBE <1.4.1 that allows a malicious actor to retrieve status and usage data from the UISP device."}], "affected": [{"vendor": "n/a", "product": "UISP Wireless", "versions": [{"version": "Fixed Versions airMAX AC to Version 8.7.11 or later, airFiber 60/LR to Version 2.6.2 or later, airFiber 60 XG/HD to Version 1.0.0 or later, GBE to Version 1.4.1 or later.", "status": "affected"}]}], "references": [{"url": "https://community.ui.com/releases/Security-Advisory-Bulletin-027-027/123e4577-9f00-4777-abe1-64a1d56fee05"}], "problemTypes": [{"descriptions": [{"type": "CWE", "lang": "en", "description": "Improper Access Control - Generic (CWE-284)", "cweId": "CWE-284"}]}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T13:54:03.925Z"}, "title": "CVE Program Container", "references": [{"url": "https://community.ui.com/releases/Security-Advisory-Bulletin-027-027/123e4577-9f00-4777-abe1-64a1d56fee05", "tags": ["x_transferred"]}]}, {"metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}}, {"other": {"type": "ssvc", "content": {"timestamp": "2025-04-15T14:19:53.003800Z", "id": "CVE-2022-44565", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-04-15T14:20:27.057Z"}}]}}

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2022-44565", "assignerOrgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1", "assignerShortName": "hackerone", "dateUpdated": "2025-04-15T14:20:27.057Z", "dateReserved": "2022-11-01T00:00:00.000Z", "datePublished": "2022-12-23T00:00:00.000Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1", "shortName": "hackerone", "dateUpdated": "2022-12-23T00:00:00.000Z"}, "descriptions": [{"lang": "en", "value": "An improper access validation vulnerability exists in airMAX AC <8.7.11, airFiber 60/LR <2.6.2, airFiber 60 XG/HD <v1.0.0 and airFiber GBE <1.4.1 that allows a malicious actor to retrieve status and usage data from the UISP device."}], "affected": [{"vendor": "n/a", "product": "UISP Wireless", "versions": [{"version": "Fixed Versions airMAX AC to Version 8.7.11 or later, airFiber 60/LR to Version 2.6.2 or later, airFiber 60 XG/HD to Version 1.0.0 or later, GBE to Version 1.4.1 or later.", "status": "affected"}]}], "references": [{"url": "https://community.ui.com/releases/Security-Advisory-Bulletin-027-027/123e4577-9f00-4777-abe1-64a1d56fee05"}], "problemTypes": [{"descriptions": [{"type": "CWE", "lang": "en", "description": "Improper Access Control - Generic (CWE-284)", "cweId": "CWE-284"}]}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T13:54:03.925Z"}, "title": "CVE Program Container", "references": [{"url": "https://community.ui.com/releases/Security-Advisory-Bulletin-027-027/123e4577-9f00-4777-abe1-64a1d56fee05", "tags": ["x_transferred"]}]}, {"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2022-44565", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-04-15T14:19:53.003800Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-04-15T14:20:20.397Z"}}]}}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:ui:airfiber_gigabeam_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "0510CBD3-ECAB-4EAE-B813-A365EE2427CF", "versionEndExcluding": "1.4.1", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:ui:airfiber_gigabeam:-:*:*:*:*:*:*:*", "matchCriteriaId": "27162356-52BC-4F91-B621-090FD2146BAD", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:ui:airfiber_60-xg_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "0D9186FA-50AA-441F-9046-B3BD3414119F", "versionEndExcluding": "1.0.0", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:ui:airfiber_60-xg:-:*:*:*:*:*:*:*", "matchCriteriaId": "D617F313-DFC0-4B0B-837B-52A2F99B7D35", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:ui:airfiber_60-hd_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "CD966B48-6F6E-4BED-B85B-700B8EA5037E", "versionEndExcluding": "1.0.0", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:ui:airfiber_60-hd:-:*:*:*:*:*:*:*", "matchCriteriaId": "AF242E77-8776-431E-8140-CCBD0113F9EB", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:ui:airfiber_60-lr_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "FB9E8D61-70F7-44E3-ACB7-2F114B221669", "versionEndExcluding": "2.6.2", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:ui:airfiber_60-lr:-:*:*:*:*:*:*:*", "matchCriteriaId": "C6A02180-9B12-4DF6-89FB-B6223CEDDFA7", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:ui:airmax_ac_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "CFEA6FA8-7BEE-4DF2-9F7E-B761F6FB0F0F", "versionEndExcluding": "8.7.11", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:ui:airmax_ac:-:*:*:*:*:*:*:*", "matchCriteriaId": "D7522076-32AA-4C46-A383-55496EB8E403", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:ui:airfiber_60_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "4E17A9B8-9B06-4F94-A72D-5D1090092519", "versionEndExcluding": "2.6.2", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:ui:airfiber_60:-:*:*:*:*:*:*:*", "matchCriteriaId": "E1DC32EA-21B5-444A-8EC1-7B4AB564CB94", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "An improper access validation vulnerability exists in airMAX AC <8.7.11, airFiber 60/LR <2.6.2, airFiber 60 XG/HD <v1.0.0 and airFiber GBE <1.4.1 that allows a malicious actor to retrieve status and usage data from the UISP device."}, {"lang": "es", "value": "Existe una vulnerabilidad de validaci\u00f3n de acceso incorrecto en airMAX AC <8.7.11, airFiber 60/LR <2.6.2, airFiber 60 XG/HD"}], "id": "CVE-2022-44565", "lastModified": "2025-04-15T15:16:00.450", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 1.4, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2022-12-23T15:15:15.847", "references": [{"source": "support@hackerone.com", "tags": ["Patch", "Vendor Advisory"], "url": "https://community.ui.com/releases/Security-Advisory-Bulletin-027-027/123e4577-9f00-4777-abe1-64a1d56fee05"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Vendor Advisory"], "url": "https://community.ui.com/releases/Security-Advisory-Bulletin-027-027/123e4577-9f00-4777-abe1-64a1d56fee05"}], "sourceIdentifier": "support@hackerone.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-284"}], "source": "support@hackerone.com", "type": "Secondary"}, {"description": [{"lang": "en", "value": "NVD-CWE-Other"}], "source": "nvd@nist.gov", "type": "Primary"}]}