Vulnerability Details CVE-2022-32985
libnx_apl.so on Nexans FTTO GigaSwitch before 6.02N and 7.x before 7.02 implements a Backdoor Account for SSH logins on port 50200 or 50201.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.006
EPSS Ranking 69.0%
CVSS Severity
CVSS v3 Score 9.8
References
- https://sec-consult.com/vulnerability-lab/advisory/hardcoded-backdoor-user-outdated-software-components-nexans-ftto-gigaswitch/
- https://www.nexans.de/de/products/Data-Network-Solutions/Industrial-and-office-switches.html
- https://sec-consult.com/vulnerability-lab/advisory/hardcoded-backdoor-user-outdated-software-components-nexans-ftto-gigaswitch/
- https://www.nexans.de/de/products/Data-Network-Solutions/Industrial-and-office-switches.html
Products affected by CVE-2022-32985
-
cpe:2.3:h:nexans:gigaswitch_641_desk_v5_sfp-vi:-
-
cpe:2.3:h:nexans:gigaswitch_642_desk_v5_sfp-2vi:-
-
cpe:2.3:h:nexans:gigaswitch_v5_2tp(pd-f+)_sfp-vi_54vdc:-
-
cpe:2.3:h:nexans:gigaswitch_v5_2tp(pse+)_sfp-vi_54vdc:-
-
cpe:2.3:h:nexans:gigaswitch_v5_2tp_sfp-vi_54vdc:-
-
cpe:2.3:h:nexans:gigaswitch_v5_sfp-2vi_230vac:-
-
cpe:2.3:h:nexans:gigaswitch_v5_tp(pse+)_sfp-2vi_54vdc:-
-
cpe:2.3:h:nexans:gigaswitch_v5_tp(pse+)_sfp-2vi_54vdc_ind:-
-
cpe:2.3:h:nexans:gigaswitch_v5_tp(pse+)_sfp-2vi_54vdc_med:-
-
cpe:2.3:h:nexans:gigaswitch_v5_tp_sfp-2vi_54vdc:-
-
cpe:2.3:h:nexans:gigaswitch_v5_tp_sfp-2vi_54vdc_ind:-
-
cpe:2.3:h:nexans:gigaswitch_v5_tp_sfp-2vi_54vdc_med:-
-
cpe:2.3:h:nexans:gigaswitch_v5_tp_sfp-vi_230vac:-
-
cpe:2.3:o:nexans:gigaswitch_641_desk_v5_sfp-vi_firmware:*
-
cpe:2.3:o:nexans:gigaswitch_641_desk_v5_sfp-vi_firmware:-
-
cpe:2.3:o:nexans:gigaswitch_642_desk_v5_sfp-2vi_firmware:*
-
cpe:2.3:o:nexans:gigaswitch_642_desk_v5_sfp-2vi_firmware:-
-
cpe:2.3:o:nexans:gigaswitch_v5_2tp(pd-f+)_sfp-vi_54vdc_firmware:*
-
cpe:2.3:o:nexans:gigaswitch_v5_2tp(pd-f+)_sfp-vi_54vdc_firmware:-
-
cpe:2.3:o:nexans:gigaswitch_v5_2tp(pse+)_sfp-vi_54vdc_firmware:*
-
cpe:2.3:o:nexans:gigaswitch_v5_2tp(pse+)_sfp-vi_54vdc_firmware:-
-
cpe:2.3:o:nexans:gigaswitch_v5_2tp_sfp-vi_54vdc_firmware:*
-
cpe:2.3:o:nexans:gigaswitch_v5_2tp_sfp-vi_54vdc_firmware:-
-
cpe:2.3:o:nexans:gigaswitch_v5_sfp-2vi_230vac_firmware:*
-
cpe:2.3:o:nexans:gigaswitch_v5_sfp-2vi_230vac_firmware:-
-
cpe:2.3:o:nexans:gigaswitch_v5_tp(pse+)_sfp-2vi_54vdc_firmware:*
-
cpe:2.3:o:nexans:gigaswitch_v5_tp(pse+)_sfp-2vi_54vdc_firmware:-
-
cpe:2.3:o:nexans:gigaswitch_v5_tp(pse+)_sfp-2vi_54vdc_ind_firmware:*
-
cpe:2.3:o:nexans:gigaswitch_v5_tp(pse+)_sfp-2vi_54vdc_ind_firmware:-
-
cpe:2.3:o:nexans:gigaswitch_v5_tp(pse+)_sfp-2vi_54vdc_med_firmware:*
-
cpe:2.3:o:nexans:gigaswitch_v5_tp(pse+)_sfp-2vi_54vdc_med_firmware:-
-
cpe:2.3:o:nexans:gigaswitch_v5_tp_sfp-2vi_54vdc_firmware:*
-
cpe:2.3:o:nexans:gigaswitch_v5_tp_sfp-2vi_54vdc_firmware:-
-
cpe:2.3:o:nexans:gigaswitch_v5_tp_sfp-2vi_54vdc_ind_firmware:*
-
cpe:2.3:o:nexans:gigaswitch_v5_tp_sfp-2vi_54vdc_ind_firmware:-
-
cpe:2.3:o:nexans:gigaswitch_v5_tp_sfp-2vi_54vdc_med_firmware:*
-
cpe:2.3:o:nexans:gigaswitch_v5_tp_sfp-2vi_54vdc_med_firmware:-
-
cpe:2.3:o:nexans:gigaswitch_v5_tp_sfp-vi_230vac_firmware:*
-
cpe:2.3:o:nexans:gigaswitch_v5_tp_sfp-vi_230vac_firmware:-