Vulnerabilities > CVE-2022-43326 - Authorization Bypass Through User-Controlled Key vulnerability in Telosalliance Omnia MPX Node Firmware

CVSS 7.5 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

HIGH

Availability impact

NONE

network

low complexity

telosalliance

CWE-639

NVD

Published: 2022-11-29

Updated: 2023-02-01

Summary

An Insecure Direct Object Reference (IDOR) vulnerability in the password reset function of Telos Alliance Omnia MPX Node 1.0.0-1.4.[*] allows attackers to arbitrarily change user and Administrator account passwords.

Vulnerable Configurations

Part	Description	Count
OS	Telosalliance Telosalliance Omnia MPX Node Firmware 1.0.0 Telosalliance Omnia MPX Node Firmware 1.1.5 Telosalliance Omnia MPX Node Firmware 1.3.35 Telosalliance Omnia MPX Node Firmware 1.3.37 Telosalliance Omnia MPX Node Firmware 1.4.9	5
Hardware	Telosalliance Telosalliance Omnia MPX Node -	1

Common Weakness Enumeration (CWE)

CWE-639 - Authorization Bypass Through User-Controlled Key

References

https://cyber-guy.gitbook.io/cyber-guys-blog/pocs/cve-2022-43326