Vulnerabilities > CVE-2022-31484 - Forced Browsing vulnerability in multiple products

CVSS 7.5 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

NONE

Availability impact

HIGH

network

low complexity

hidglobal

carrier

CWE-425

NVD

Published: 2022-06-06

Updated: 2022-06-17

Summary

An unauthenticated attacker can send a specially crafted network packet to delete a user from the web interface. This vulnerability impacts products based on HID Mercury Intelligent Controllers LP1501, LP1502, LP2500, LP4502, and EP4502 which contain firmware versions prior to 1.29. The impact of this vulnerability is that an unauthenticated attacker could restrict access to the web interface to legitimate users and potentially requiring them to use the default user dip switch procedure to gain access back.

Vulnerable Configurations

Part	Description	Count
OS	Hidglobal Hidglobal Lp1501 Firmware - Hidglobal Lp1502 Firmware - Hidglobal Lp2500 Firmware - Hidglobal Lp4502 Firmware - Hidglobal Ep4502 Firmware -	5
OS	Carrier Carrier Lenels2 LNL 4420 Firmware - Carrier Lenels2 LNL X2210 Firmware - Carrier Lenels2 LNL X2220 Firmware - Carrier Lenels2 LNL X3300 Firmware - Carrier Lenels2 LNL X4420 Firmware - Carrier Lenels2 S2 LP 1501 Firmware - Carrier Lenels2 S2 LP 1502 Firmware - Carrier Lenels2 S2 LP 2500 Firmware - Carrier Lenels2 S2 LP 4502 Firmware -	9
Hardware	Hidglobal Hidglobal Lp1501 - Hidglobal Lp1502 - Hidglobal Lp2500 - Hidglobal Lp4502 - Hidglobal Ep4502 -	5
Hardware	Carrier Carrier Lenels2 LNL 4420 - Carrier Lenels2 LNL X2210 - Carrier Lenels2 LNL X2220 - Carrier Lenels2 LNL X3300 - Carrier Lenels2 LNL X4420 - Carrier Lenels2 S2 LP 1501 - Carrier Lenels2 S2 LP 1502 - Carrier Lenels2 S2 LP 2500 - Carrier Lenels2 S2 LP 4502 -	9

Common Weakness Enumeration (CWE)

CWE-425 - Direct Request ('Forced Browsing')

Common Attack Pattern Enumeration and Classification (CAPEC)

Directory Indexing
An adversary crafts a request to a target that results in the target listing/indexing the content of a directory as output. One common method of triggering directory contents as output is to construct a request containing a path that terminates in a directory name rather than a file name since many applications are configured to provide a list of the directory's contents when such a request is received. An adversary can use this to explore the directory tree on a target as well as learn the names of files. This can often end up revealing test files, backup files, temporary files, hidden files, configuration files, user accounts, script contents, as well as naming conventions, all of which can be used by an attacker to mount additional attacks.
Forceful Browsing
An attacker employs forceful browsing to access portions of a website that are otherwise unreachable through direct URL entry. Usually, a front controller or similar design pattern is employed to protect access to portions of a web application. Forceful browsing enables an attacker to access information, perform privileged operations and otherwise reach sections of the web application that have been improperly protected.

References

https://www.corporate.carrier.com/product-security/advisories-resources/