Vulnerability Details CVE-2022-26479
An issue was discovered in Poly EagleEye Director II before 2.2.2.1. Existence of a certain file (which can be created via an rsync backdoor) causes all API calls to execute as admin without authentication.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.007
EPSS Ranking 70.1%
CVSS Severity
CVSS v3 Score 9.8
References
- https://sec-consult.com/de/vulnerability-lab/advisory/poly-eagleeye-director-ii-kritische-schwachstellen/
- https://sec-consult.com/vulnerability-lab/advisory/critical-vulnerabilities-poly-eagleeye-director-ii/
- https://www.poly.com/us/en/support/security-center
- https://sec-consult.com/de/vulnerability-lab/advisory/poly-eagleeye-director-ii-kritische-schwachstellen/
- https://sec-consult.com/vulnerability-lab/advisory/critical-vulnerabilities-poly-eagleeye-director-ii/
- https://www.poly.com/us/en/support/security-center
Products affected by CVE-2022-26479
-
cpe:2.3:h:poly:eagleeye_director_ii:-
-
cpe:2.3:o:poly:eagleeye_director_ii_firmware:-
-
cpe:2.3:o:poly:eagleeye_director_ii_firmware:1.0.0
-
cpe:2.3:o:poly:eagleeye_director_ii_firmware:1.1.0
-
cpe:2.3:o:poly:eagleeye_director_ii_firmware:1.1.0.23
-
cpe:2.3:o:poly:eagleeye_director_ii_firmware:1.1.0.29
-
cpe:2.3:o:poly:eagleeye_director_ii_firmware:2.0.0
-
cpe:2.3:o:poly:eagleeye_director_ii_firmware:2.1.0.5
-
cpe:2.3:o:poly:eagleeye_director_ii_firmware:2.2
-
cpe:2.3:o:poly:eagleeye_director_ii_firmware:2.2.0.43
-
cpe:2.3:o:poly:eagleeye_director_ii_firmware:2.2.1.1