Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2022-38168

Broken Access Control in User Authentication in Avaya Scopia Pathfinder 10 and 20 PTS version 8.3.7.0.4 allows remote unauthenticated attackers to bypass the login page, access sensitive information, and reset user passwords via URL modification.

Published

2022-11-03T21:15:09.660

Last Modified

2025-05-02T21:15:18.353

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 9.1 (CRITICAL)

Weaknesses

Type: Primary
CWE-306
Type: Secondary
CWE-306

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Operating System	avaya	scopia_pathfinder_10_pts_firmware	8.3.7.0.4	Yes
Hardware	avaya	scopia_pathfinder_10_pts	-	No
Operating System	avaya	scopia_pathfinder_20_pts_firmware	8.3.7.0.4	Yes
Hardware	avaya	scopia_pathfinder_20_pts	-	No

References

https://medium.com/%40rob_nes/avaya-scopia-pathfinder-broken-access-control-ac792e995bae Exploit, Third Party Advisory ([email protected])
https://medium.com/%40rob_nes/avaya-scopia-pathfinder-broken-access-control-ac792e995bae Exploit, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)