CVE-2022-39811
First published: Fri Jan 27 2023(Updated: )
Italtel NetMatch-S CI 5.2.0-20211008 has incorrect Access Control under NMSCI-WebGui/advancedsettings.jsp and NMSCIWebGui/SaveFileUploader. By not verifying permissions for access to resources, it allows an attacker to view pages that are not allowed, and modify the system configuration, bypassing all controls (without checking for user identity).
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Italtel NetMatch-S CI | =5.2.0-20211008 | |
| =5.2.0-20211008 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2022-39811?
CVE-2022-39811 has been classified with a high severity due to its potential for unauthorized access and configuration modification.
How do I fix CVE-2022-39811?
Fixing CVE-2022-39811 involves updating the Italtel NetMatch-S CI software to a version that addresses the access control vulnerabilities.
What are the consequences of exploiting CVE-2022-39811?
Exploiting CVE-2022-39811 can allow an attacker to gain unauthorized access to restricted pages and modify critical system settings.
Who is affected by CVE-2022-39811?
Users and organizations using Italtel NetMatch-S CI version 5.2.0-20211008 are affected by CVE-2022-39811.
Is there a workaround for CVE-2022-39811?
Currently, there is no documented workaround for CVE-2022-39811, and an upgrade is recommended to mitigate the vulnerabilities.
- collector/nvd-index
- agent/softwarecombine
- agent/type
- agent/author
- agent/severity
- agent/references
- agent/weakness
- agent/description
- agent/first-publish-date
- agent/event
- agent/source
- agent/tags
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- collector/nvd-api
- source/NVD
- vendor/italtel
- canonical/italtel netmatch-s ci
- version/italtel netmatch-s ci/5.2.0-20211008