Vulnerability Details CVE-2022-45434
Some Dahua software products have a vulnerability of unauthenticated un-throttled ICMP requests on remote DSS Server. After bypassing the firewall access control policy, by sending a specific crafted packet to the vulnerable interface, an attacker could exploit the victim server to launch ICMP request attack to the designated target host.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.0
EPSS Ranking 14.3%
CVSS Severity
CVSS v3 Score 5.9
References
Products affected by CVE-2022-45434
-
cpe:2.3:a:dahuasecurity:dss_express:7.002.1760000.2
-
cpe:2.3:a:dahuasecurity:dss_express:8.0.2
-
cpe:2.3:a:dahuasecurity:dss_express:8.0.4
-
cpe:2.3:a:dahuasecurity:dss_express:8.1
-
cpe:2.3:a:dahuasecurity:dss_express:8.1.1
-
cpe:2.3:a:dahuasecurity:dss_professional:7.002.1760000.2
-
cpe:2.3:a:dahuasecurity:dss_professional:8.0.2
-
cpe:2.3:a:dahuasecurity:dss_professional:8.0.4
-
cpe:2.3:a:dahuasecurity:dss_professional:8.1
-
cpe:2.3:a:dahuasecurity:dss_professional:8.1.1
-
cpe:2.3:h:dahuasecurity:dhi-dss4004-s2:-
-
cpe:2.3:h:dahuasecurity:dhi-dss7016d-s2:-
-
cpe:2.3:h:dahuasecurity:dhi-dss7016dr-s2:-
-
cpe:2.3:o:dahuasecurity:dhi-dss4004-s2_firmware:1.001.0000001.2
-
cpe:2.3:o:dahuasecurity:dhi-dss4004-s2_firmware:8.0.2
-
cpe:2.3:o:dahuasecurity:dhi-dss4004-s2_firmware:8.0.4
-
cpe:2.3:o:dahuasecurity:dhi-dss4004-s2_firmware:8.1
-
cpe:2.3:o:dahuasecurity:dhi-dss7016d-s2_firmware:1.001.0000001.2
-
cpe:2.3:o:dahuasecurity:dhi-dss7016d-s2_firmware:8.0.2
-
cpe:2.3:o:dahuasecurity:dhi-dss7016d-s2_firmware:8.0.4
-
cpe:2.3:o:dahuasecurity:dhi-dss7016d-s2_firmware:8.1
-
cpe:2.3:o:dahuasecurity:dhi-dss7016dr-s2_firmware:1.001.0000001.2
-
cpe:2.3:o:dahuasecurity:dhi-dss7016dr-s2_firmware:8.0.2
-
cpe:2.3:o:dahuasecurity:dhi-dss7016dr-s2_firmware:8.0.4
-
cpe:2.3:o:dahuasecurity:dhi-dss7016dr-s2_firmware:8.1
-
cpe:2.3:o:microsoft:windows:-