CVE-2022-39184 - Vulnerability Details - OpenCVE

EXFO - BV-10 Performance Endpoint Unit authentication bypass User can manually manipulate access enabling authentication bypass.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation none

Automatable yes

Technical Impact total

Vendors	Products
Exfo	Bv-10 Bv-10 Firmware

Configuration 1 [-]

AND

cpe:2.3:o:exfo:bv-10_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:exfo:bv-10:-:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://www.gov.il/en/Departments/faq/cve_advisories

History

Tue, 08 Apr 2025 14:15:00 +0000

Type	Values Removed	Values Added
Weaknesses		CWE-287
Metrics		ssvc `{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}`

MITRE

Status: PUBLISHED

Assigner: INCD

Published: 2023-01-12T00:00:00.000Z

Updated: 2025-04-08T14:08:06.480Z

Reserved: 2022-09-02T00:00:00.000Z

Link: CVE-2022-39184

Vulnrichment

Updated: 2024-08-03T12:00:42.379Z

NVD

Status : Modified

Published: 2023-01-12T16:15:09.677

Modified: 2025-04-08T14:15:27.723

Link: CVE-2022-39184

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2022-39184", "assignerOrgId": "a57ee1ae-c9c1-4f40-aa7b-cf10760fde3f", "assignerShortName": "INCD", "dateUpdated": "2025-04-08T14:08:06.480Z", "dateReserved": "2022-09-02T00:00:00.000Z", "datePublished": "2023-01-12T00:00:00.000Z"}, "containers": {"cna": {"title": "EXFO - BV-10 Performance Endpoint Unit Authentication bypass", "datePublic": "2023-01-12T00:00:00.000Z", "providerMetadata": {"orgId": "a57ee1ae-c9c1-4f40-aa7b-cf10760fde3f", "shortName": "INCD", "dateUpdated": "2023-01-12T00:00:00.000Z"}, "descriptions": [{"lang": "en", "value": "EXFO - BV-10 Performance Endpoint Unit authentication bypass User can manually manipulate access enabling authentication bypass."}], "affected": [{"vendor": "EXFO", "product": "BV-10 Performance Endpoint Unit ", "versions": [{"version": "All versions latest", "status": "unknown"}]}], "references": [{"url": "https://www.gov.il/en/Departments/faq/cve_advisories"}], "credits": [{"lang": "en", "value": "MetaData"}], "metrics": [{"cvssV3_1": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL"}}], "problemTypes": [{"descriptions": [{"type": "text", "lang": "en", "description": "Authentication bypass"}]}], "x_generator": {"engine": "Vulnogram 0.0.9"}, "source": {"defect": ["ILVN-2022-0065"], "discovery": "UNKNOWN"}, "solutions": [{"lang": "en", "value": "Unit is EOL. Upgrade to a current unit or limit network access to trusted users only."}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T12:00:42.379Z"}, "title": "CVE Program Container", "references": [{"url": "https://www.gov.il/en/Departments/faq/cve_advisories", "tags": ["x_transferred"]}]}, {"problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-287", "lang": "en", "description": "CWE-287 Improper Authentication"}]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-04-08T14:06:58.319333Z", "id": "CVE-2022-39184", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-04-08T14:08:06.480Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://www.gov.il/en/Departments/faq/cve_advisories", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T12:00:42.379Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2022-39184", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2025-04-08T14:06:58.319333Z"}}}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-287", "description": "CWE-287 Improper Authentication"}]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-04-08T14:07:58.231Z"}}], "cna": {"title": "EXFO - BV-10 Performance Endpoint Unit Authentication bypass", "source": {"defect": ["ILVN-2022-0065"], "discovery": "UNKNOWN"}, "credits": [{"lang": "en", "value": "MetaData"}], "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}], "affected": [{"vendor": "EXFO", "product": "BV-10 Performance Endpoint Unit ", "versions": [{"status": "unknown", "version": "All versions latest"}]}], "solutions": [{"lang": "en", "value": "Unit is EOL. Upgrade to a current unit or limit network access to trusted users only."}], "datePublic": "2023-01-12T00:00:00.000Z", "references": [{"url": "https://www.gov.il/en/Departments/faq/cve_advisories"}], "x_generator": {"engine": "Vulnogram 0.0.9"}, "descriptions": [{"lang": "en", "value": "EXFO - BV-10 Performance Endpoint Unit authentication bypass User can manually manipulate access enabling authentication bypass."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "text", "description": "Authentication bypass"}]}], "providerMetadata": {"orgId": "a57ee1ae-c9c1-4f40-aa7b-cf10760fde3f", "shortName": "INCD", "dateUpdated": "2023-01-12T00:00:00.000Z"}}}, "cveMetadata": {"cveId": "CVE-2022-39184", "state": "PUBLISHED", "dateUpdated": "2025-04-08T14:08:06.480Z", "dateReserved": "2022-09-02T00:00:00.000Z", "assignerOrgId": "a57ee1ae-c9c1-4f40-aa7b-cf10760fde3f", "datePublished": "2023-01-12T00:00:00.000Z", "assignerShortName": "INCD"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:exfo:bv-10_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "920F5AB4-C384-43AF-91F7-3FFEB0D1550E", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:exfo:bv-10:-:*:*:*:*:*:*:*", "matchCriteriaId": "6174A5DE-1DD7-4DEC-B7A1-05AFA3B1583E", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "EXFO - BV-10 Performance Endpoint Unit authentication bypass User can manually manipulate access enabling authentication bypass."}, {"lang": "es", "value": "Bypass de autenticaci\u00f3n en EXFO - BV-10 Performance Endpoint Unit. El usuario puede manipular manualmente el acceso permitiendo la omisi\u00f3n de autenticaci\u00f3n."}], "id": "CVE-2022-39184", "lastModified": "2025-04-08T14:15:27.723", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "cna@cyber.gov.il", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2023-01-12T16:15:09.677", "references": [{"source": "cna@cyber.gov.il", "tags": ["Third Party Advisory"], "url": "https://www.gov.il/en/Departments/faq/cve_advisories"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://www.gov.il/en/Departments/faq/cve_advisories"}], "sourceIdentifier": "cna@cyber.gov.il", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-287"}], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}