Vulnerability Details CVE-2022-36385
A threat actor with momentary access to the device can plug in a USB drive and perform a malicious firmware update, resulting in permanent changes to device functionality. No authentication or controls are in place to prevent a threat actor from maliciously modifying firmware and performing a drive-by attack to load the firmware on any CMS8000 device.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 23.4%
CVSS Severity
CVSS v3 Score 6.8
References
Products affected by CVE-2022-36385
-
cpe:2.3:h:contechealth:cms8000:-
-
cpe:2.3:o:contechealth:cms8000_firmware:-