CVE-2022-44565

MEDIUM

5.3CVSS v3

—CVSS v2

0.43% EPSS (exploit probability)

CWE-284CWE

Description

An improper access validation vulnerability exists in airMAX AC <8.7.11, airFiber 60/LR <2.6.2, airFiber 60 XG/HD <v1.0.0 and airFiber GBE <1.4.1 that allows a malicious actor to retrieve status and usage data from the UISP device.

CVSS v3 vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Affected routers (2)

Vendor	Model	Matched via	Affected versions	Fixed in	Patch Status
Ubiquiti	Ubiquiti airFiber	`—`	—	—	Unpatched
Ubiquiti	Ubiquiti airMAX (airOS)	`—`	—	—	Unpatched

External references

NIST NVD
MITRE CVE