What is the severity of CVE-2022-36780?

CVE-2022-36780 is classified as a critical vulnerability due to the potential for unauthorized access to sensitive audio recordings.

How do I fix CVE-2022-36780?

To fix CVE-2022-36780, it is recommended to apply security updates from Avdor CIS and implement proper authentication mechanisms.

What types of systems does CVE-2022-36780 affect?

CVE-2022-36780 affects the Avdor CIS Crystal Quality phone call recorder system.

What is the impact of CVE-2022-36780?

The impact of CVE-2022-36780 allows attackers to listen to recorded calls without authentication, resulting in severe privacy violations.

How can unauthorized access via CVE-2022-36780 be mitigated?

Mitigation for CVE-2022-36780 includes enhancing access controls and ensuring all communications are secured to prevent unauthorized URL access.

Vulnerability/
CVE-2022-36780

medium

5.3

CWE

306

11/9/2022

3/8/2024

CVE-2022-36780: Avdor CIS - crystal quality Credentials Management Errors

First published: Sun Sep 11 2022(Updated: )

Avdor CIS - crystal quality Credentials Management Errors. The product is phone call recorder, you can hear all the recorded calls without authenticate to the system. Attacker sends crafted URL to the system: ip:port//V=2;ChannellD=number;Ext=number;Command=startLM;Client=number;Request=number;R=number number - id of the recorded number.

Credit: cna@cyber.gov.il

Affected Software	Affected Version	How to fix
SAP Crystal Reports

Remedy

Update to the latest version.

Never miss a vulnerability like this again

Reference Links

https://www.gov.il/en/Departments/faq/cve_advisories

Frequently Asked Questions

What is the severity of CVE-2022-36780?
CVE-2022-36780 is classified as a critical vulnerability due to the potential for unauthorized access to sensitive audio recordings.
How do I fix CVE-2022-36780?
To fix CVE-2022-36780, it is recommended to apply security updates from Avdor CIS and implement proper authentication mechanisms.
What types of systems does CVE-2022-36780 affect?
CVE-2022-36780 affects the Avdor CIS Crystal Quality phone call recorder system.
What is the impact of CVE-2022-36780?
The impact of CVE-2022-36780 allows attackers to listen to recorded calls without authentication, resulting in severe privacy violations.
How can unauthorized access via CVE-2022-36780 be mitigated?
Mitigation for CVE-2022-36780 includes enhancing access controls and ensuring all communications are secured to prevent unauthorized URL access.

agent/type
agent/softwarecombine
collector/mitre-cve
source/MITRE
agent/last-modified-date
agent/author
agent/remedy
agent/references
agent/title
agent/weakness
agent/severity
agent/first-publish-date
agent/event
agent/description
agent/source
agent/tags
collector/nvd-index
agent/software-canonical-lookup-request
vendor/avdorcis
canonical/sap crystal reports

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.