CVE-2022-36642

Critical · Public PoC

Published: 02 September 2022
Modified: 21 November 2024
CVSS Score v3.1: 9.8 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
EPSS Score: 0.7072 (98.7th percentile)
Risk Priority: 62 (60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2022-36642 is a critical-severity Missing Authorization (CWE-862) vulnerability in Telos Alliance Omnia MPX Node firmware. Its CVSS base score is 9.8 (Critical).

Operationally, it is ranked in the top 1.3% of CVEs by exploit likelihood. It is not currently listed in the CISA KEV catalog, and a public proof-of-concept is referenced.

Deeper analysis

A local file disclosure vulnerability exists in the Telos Alliance Omnia MPX Node firmware through versions 1.0.0-1.4.9. The flaw resides in the /appConfig/userDB.json endpoint and stems from cleartext storage of sensitive information combined with missing authorization checks (CWE-862). Unauthenticated remote attackers can retrieve the file and obtain administrative credentials for the device's control panel.

An attacker requires only network access to the affected device and can exploit the issue without authentication or user interaction. Successful exploitation grants the ability to read stored user credentials, enabling initial access with high privileges to the management interface and full control over the audio-processing node.

Public references include detailed proof-of-concept write-ups, firmware analysis notes, and an Exploit-DB entry demonstrating the file disclosure and subsequent authentication bypass. No vendor advisory or patch information is referenced in the available sources.

The CVE carries a CVSS score of 9.8 and an EPSS score that has reached a peak of 0.7467, indicating substantial exploitation interest.

Vulnerability details

A local file disclosure vulnerability in /appConfig/userDB.json of Telos Alliance Omnia MPX Node through 1.0.0-1.4.9 allows attackers to access users' credentials, which lets them gain initial access to the control panel with high privilege, because of the cleartext storage of sensitive information, which can be unlatched by exploiting the LFD vulnerability.

CWE(s)

CWE-862 (Missing Authorization)

Related Threats

No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.

Affected Assets

telosalliance
omnia mpx node firmware
1.5.0 · 1.0.0 — 1.5.0

Mitigating Controls

Likely Mitigating Controls (AI)

Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.

addresses: CWE-862

Requiring an access control policy ensures authorization checks are defined and applied for critical functions.

addresses: CWE-862

Reviews of access controls detect missing authorization checks on critical functions or resources.

addresses: CWE-862

Documenting permitted unauthenticated actions prevents missing authorization by making all exceptions explicit and subject to organizational review.

addresses: CWE-862

Requiring attribute association with information prevents authorization from being performed without necessary security or privacy context.

addresses: CWE-862

Mandating authorization prior to allowing remote connections addresses missing authorization for remote access.

addresses: CWE-862

Mandating authorization before wireless connections are allowed prevents missing authorization for wireless access.

addresses: CWE-862

The control requires authorization before allowing mobile device connections, directly mitigating missing authorization for system access.

addresses: CWE-862

Requiring approvals for account creation and specifying authorizations ensures authorization is not missing for system access.
