Cyber Resilience

CVE-2022-3010

High

Published: 02 January 2024

Modified: 21 November 2024
KEV Added
Patch
CVSS Score v3.1: 7.5 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)
EPSS Score: 0.0013 (31.4th percentile)
Risk Priority: 15 (60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2022-3010 is a high-severity Use of Weak Credentials (CWE-1391) vulnerability in Priva Top Control Suite. Its CVSS base score is 7.5 (High).

Operationally, it is ranked at the 31.4th percentile by exploit likelihood (below the median), and it is not currently listed in the CISA KEV catalog.

Vulnerability details

The Priva TopControl Suite contains predictable credentials for the SSH service, based on the serial number, which makes it possible for an attacker to calculate the login credentials for the Priva TopControl Suite.

Related Threats

No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.

Affected Assets

priva · top control suite · ≤ 8.7.8.0

Mitigating Controls

Likely Mitigating Controls (AI)

Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.

addresses: CWE-916

Information from security contacts highlights password hashing methods with insufficient computational effort, preventing their adoption.

addresses: CWE-1391

Ensuring sufficient strength of mechanism for authenticators prevents use of weak credentials.

addresses: CWE-1391

Enforces use of credentials that comply with standards rather than weak credentials for module access.
