CVE-2022-40903

Aiphone GT-DMB-N 3-in-1 Video Entrance Station with NFC Reader 1.0.3 does not mitigate against repeated failed access attempts, which allows an attacker to gain administrative privileges.

CVSS v3.0 6.5 MEDIUM

6.5^/10

CVSS v3.0 : MEDIUM

Vector :

Exploitability : 2.8 / Impact : 3.6

Attack Vector ADJACENT_NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://www.aiphone.net/	Vendor Advisory
https://jvn.jp/en/jp/JVN75437943/index.html	Third Party Advisory VDB Entry

Advertisement

Configurations

Configuration 1 (hide)

AND

cpe:2.3:o:aiphone:gt-dmb-n_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:aiphone:gt-dmb-n:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND

cpe:2.3:o:aiphone:gt-dmb_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:aiphone:gt-dmb:-:*:*:*:*:*:*:*

Configuration 3 (hide)

AND

cpe:2.3:o:aiphone:gt-dmb-lvn_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:aiphone:gt-dmb-lvn:-:*:*:*:*:*:*:*

Configuration 4 (hide)

AND

cpe:2.3:o:aiphone:gt-db-vn_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:aiphone:gt-db-vn:-:*:*:*:*:*:*:*

Information

Published : 2022-11-14 15:15

Updated : 2022-11-22 09:16

NVD link : CVE-2022-40903

Mitre link : CVE-2022-40903

JSON object : View

CWE

NVD-CWE-noinfo

Advertisement

Products Affected

aiphone

gt-dmb-lvn
gt-dmb
gt-dmb_firmware
gt-db-vn_firmware
gt-dmb-n_firmware
gt-db-vn
gt-dmb-lvn_firmware
gt-dmb-n

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "https://www.aiphone.net/", "name": "https://www.aiphone.net/", "tags": ["Vendor Advisory"], "refsource": "MISC"}, {"url": "https://jvn.jp/en/jp/JVN75437943/index.html", "name": "https://jvn.jp/en/jp/JVN75437943/index.html", "tags": ["Third Party Advisory", "VDB Entry"], "refsource": "MISC"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "Aiphone GT-DMB-N 3-in-1 Video Entrance Station with NFC Reader 1.0.3 does not mitigate against repeated failed access attempts, which allows an attacker to gain administrative privileges."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2022-40903", "ASSIGNER": "cve@mitre.org"}}, "impact": {"baseMetricV3": {"cvssV3": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.5, "attackVector": "ADJACENT_NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 2.8}}, "publishedDate": "2022-11-14T23:15Z", "configurations": {"nodes": [{"children": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:o:aiphone:gt-dmb-n_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndExcluding": "3.00"}]}, {"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:h:aiphone:gt-dmb-n:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}]}], "operator": "AND", "cpe_match": []}, {"children": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:o:aiphone:gt-dmb_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndExcluding": "3.00"}]}, {"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:h:aiphone:gt-dmb:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}]}], "operator": "AND", "cpe_match": []}, {"children": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:o:aiphone:gt-dmb-lvn_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndExcluding": "3.00"}]}, {"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:h:aiphone:gt-dmb-lvn:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}]}], "operator": "AND", "cpe_match": []}, {"children": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:o:aiphone:gt-db-vn_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndExcluding": "2.00"}]}, {"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:h:aiphone:gt-db-vn:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}]}], "operator": "AND", "cpe_match": []}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2022-11-22T17:16Z"}