CVE-2022-44039 - Incorrect Authorization vulnerability in Franklinfueling Colibri Firmware 1.9.22.8925

047910
CVSS 9.8 - CRITICAL
Attack vector: NETWORK
Attack complexity: LOW
Privileges required: NONE
Confidentiality impact: HIGH
Integrity impact: HIGH
Availability impact: HIGH

Tags: network, low complexity, franklinfueling, CWE-863, critical

Summary

Franklin Fueling System FFS Colibri 1.9.22.8925 is affected by: File system overwrite. The impact is: File system rewrite (remote).

An attacker can overwrite system files such as [system.conf] and [passwd]. This occurs because of the insecure use of the "fopen" function with the mode "wb", which overwrites the file if it already exists. Overwriting files such as passwd allows an attacker to escalate privileges by planting a backdoor user with root privileges or by changing the root password.
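The overwrite behaviour of "wb" described above, next to a hardened write routine, as an added example that is not taken from the Colibri firmware. It assumes a POSIX system; the function names and the scratch directory are hypothetical.

```c
/* Added illustration, not Colibri firmware code; all names are hypothetical. */
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>

/* Pattern named in the summary: "wb" truncates and rewrites an existing file. */
int save_unsafe(const char *path, const void *buf, size_t len)
{
    FILE *f = fopen(path, "wb");
    if (!f) return -1;
    size_t n = fwrite(buf, 1, len, f);
    return (fclose(f) == 0 && n == len) ? 0 : -1;
}

/* Hardened: accepts a bare file name only, creates it inside dir, and fails
   with EEXIST instead of replacing a file (or symlink) that already exists. */
int save_safe(const char *dir, const char *name, const void *buf, size_t len)
{
    if (!*name || strchr(name, '/') || !strcmp(name, ".") || !strcmp(name, ".."))
        { errno = EINVAL; return -1; }
    int dfd = open(dir, O_RDONLY | O_DIRECTORY);
    if (dfd < 0) return -1;
    int fd = openat(dfd, name, O_WRONLY | O_CREAT | O_EXCL | O_NOFOLLOW, 0600);
    int err = errno;
    close(dfd);
    if (fd < 0) { errno = err; return -1; }
    const char *p = buf;
    while (len > 0) {
        ssize_t w = write(fd, p, len);
        if (w < 0 && errno == EINTR) continue;
        if (w < 0) { close(fd); return -1; }
        p += w; len -= (size_t)w;
    }
    return close(fd);
}

int main(void)
{
    char dir[] = "/tmp/overwrite_demo_XXXXXX";   /* constructed scratch directory */
    if (!mkdtemp(dir)) return 1;
    int first = save_safe(dir, "passwd", "root:x:0:0\n", 11);
    int second = save_safe(dir, "passwd", "x", 1);   /* refused: file exists */
    printf("create=%d replace=%d (%s)\n", first, second, strerror(errno));
    return 0;
}
```

Refusing to replace existing files limits the impact of the write itself; because the weakness is classified as CWE-863, the write path also needs an authorization check before it is reached.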

Vulnerable Configurations

Part  Description      Count
OS    Franklinfueling  1

Common Weakness Enumeration (CWE)